开发者

Check for IP address in table - mySQL PHP

问答 作者:

Alright. I have this contest signup form with 3 fields that inserts it into a mySQL DB... as well as emailing it. I am adding this code that will check the form for the users current IP, and disallow the submission if it exists.

This seems to be executing without error now... but it allows multiple submissions from the same开发者_如何学Python IP. Anything jump out as incorrect?

FULL CODE BELOW:

<?php //include the connection file

require_once('connection.php');


function sanitize($value, $type)
{
$value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;

switch ($type) {
case "text":
$value = ($value != "") ? "'" . $value . "'" : "NULL";
break;
case "long":
case "int":
$value = ($value != "") ? intval($value) : "NULL";
break;
case "double":
  $value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL";
  break;
case "date":
  $value = ($value != "") ? "'" . $value . "'" : "NULL";
  break;
}

return $value;
}

//save the data on the DB and send the email

if(isset($_POST['action']) && $_POST['action'] == 'submitform')
{
//recieve the variables

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);

mysql_select_db($database, $connection);
$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";
$RESULT = mysql_query($QUERY) or die(mysql_error());

// Read the firs row
$row = mysql_fetch_assoc($RESULT);

// Check how many rows MySQL counted
if($row['count'] > 0) {
echo "value already exists";
}
else {

//save the data on the DB

mysql_select_db($database, $connection);

$insert_query = sprintf("INSERT INTO contest (First_Name, Last_Name, Email_Address, Date, ip) VALUES (%s, %s, %s, NOW(), %s)",
                        sanitize($firstname, "text"),
                        sanitize($lastname, "text"),
                        sanitize($email, "text"),
                        sanitize($ip, "text"));

$result = mysql_query($insert_query, $connection) or die(mysql_error());

if($result)
{
    //send the email

    $to = "EMAIL ADDY";
    $subject = "SUBJECT LINE";

    //headers and subject
    $headers  = "MIME-Version: 1.0rn";
    $headers .= "Content-type: text/html; charset=iso-8859-1rn";
    $headers .= "From: ".$firstname." <".$email.">rn";

    $body = "New contact
";
    $body .= "First Name: ".$firstname."
";
    $body .= "Last Name: ".$lastname."
";
    $body .= "Email: ".$email."
";
    $body .= "IP: ".$ip."
";

    mail($to, $subject, $body, $headers);

    //ok message

    header ('Location: thanks.html');
    exit ();
}
}
}

?>

You need to use backticks instead of single quotes to escape table names/reserved words:

$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";

Also if your IP column is string you need to enclose the value for that in single quotes :-)

继续阅读:formsphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9