
Check for IP address in table - mySQL PHP

Alright. I have this contest signup form with 3 fields that inserts it into a mySQL DB... as well as emailing it. I am adding this code that will check the form for the user's current IP, and disallow the submission if it exists.

This seems to be executing without error now... but it allows multiple submissions from the same IP. Anything jump out as incorrect?

FULL CODE BELOW:

<?php //include the connection file

require_once('connection.php');


function sanitize($value, $type)
{
$value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;

switch ($type) {
case "text":
$value = ($value != "") ? "'" . $value . "'" : "NULL";
break;
case "long":
case "int":
$value = ($value != "") ? intval($value) : "NULL";
break;
case "double":
  $value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL";
  break;
case "date":
  $value = ($value != "") ? "'" . $value . "'" : "NULL";
  break;
}

return $value;
}

//save the data on the DB and send the email

if(isset($_POST['action']) && $_POST['action'] == 'submitform')
{
//receive the variables

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);

mysql_select_db($database, $connection);
$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";
$RESULT = mysql_query($QUERY) or die(mysql_error());

// Read the first row
$row = mysql_fetch_assoc($RESULT);

// Check how many rows MySQL counted
if($row['count'] > 0) {
echo "value already exists";
}
else {

//save the data on the DB

mysql_select_db($database, $connection);

$insert_query = sprintf("INSERT INTO contest (First_Name, Last_Name, Email_Address, Date, ip) VALUES (%s, %s, %s, NOW(), %s)",
                        sanitize($firstname, "text"),
                        sanitize($lastname, "text"),
                        sanitize($email, "text"),
                        sanitize($ip, "text"));

$result = mysql_query($insert_query, $connection) or die(mysql_error());

if($result)
{
    //send the email

    $to = "EMAIL ADDY";
    $subject = "SUBJECT LINE";

    //headers and subject
    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "From: ".$firstname." <".$email.">\r\n";

    $body = "New contact
";
    $body .= "First Name: ".$firstname."
";
    $body .= "Last Name: ".$lastname."
";
    $body .= "Email: ".$email."
";
    $body .= "IP: ".$ip."
";

    mail($to, $subject, $body, $headers);

    //ok message

    header ('Location: thanks.html');
    exit ();
}
}
}

?>

You need to use backticks instead of single quotes to escape table names/reserved words:

$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";

Also, if your IP column is a string, you need to enclose the value for that in single quotes :-)
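
The check the question is after, as an added example that is not part of the original post or of either participant's code: the submitter's address is bound as a query parameter instead of the literal 'value', and a UNIQUE constraint backs up the SELECT. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection, and the function name register_entry, the trimmed table definition and the sample rows are constructed for illustration.

```php
<?php
// Added example: constructed schema and sample values; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// UNIQUE on ip makes the database itself reject a second entry, so two
// simultaneous requests cannot both pass a SELECT check and then both INSERT.
$pdo->exec('CREATE TABLE contest (
    First_Name TEXT, Last_Name TEXT, Email_Address TEXT,
    ip VARCHAR(45) NOT NULL UNIQUE)');

/** Returns true if the entry was stored, false if this IP already entered. */
function register_entry(PDO $pdo, string $first, string $last, string $email, string $ip): bool
{
    // Reject anything that is not a syntactically valid IPv4/IPv6 address.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }

    // Bind the actual address as a parameter; the query in the question
    // compared the column with the literal string 'value'.
    $check = $pdo->prepare('SELECT COUNT(*) FROM contest WHERE ip = :ip');
    $check->execute([':ip' => $ip]);
    if ((int) $check->fetchColumn() > 0) {
        return false;
    }

    try {
        $insert = $pdo->prepare(
            'INSERT INTO contest (First_Name, Last_Name, Email_Address, ip)
             VALUES (:first, :last, :email, :ip)');
        $insert->execute([':first' => $first, ':last' => $last,
                          ':email' => $email, ':ip' => $ip]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (lost the race).
        if (substr((string) $e->getCode(), 0, 2) === '23') {
            return false;
        }
        throw $e;
    }
}

// Constructed sample submissions (documentation-range addresses).
var_dump(register_entry($pdo, 'Ann', 'Lee', 'ann@example.com', '203.0.113.7'));  // first entry
var_dump(register_entry($pdo, 'Bob', 'Ray', 'bob@example.com', '203.0.113.7'));  // same IP
var_dump(register_entry($pdo, 'Cy', "O'Neil", 'cy@example.com', '2001:db8::1')); // quote in name, IPv6
```

Against MySQL only the DSN and credentials passed to the PDO constructor change; the prepared statements and the SQLSTATE check stay the same.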
