query result with multiple results with in if else statement

Question

I'm currently working on a script that makes it possible to only allow ip's out of a query to go to the website. But my current problem is that I only allow the first result of the query to go through and the second result isn't neither is the rest.

require_once("../mysql.php"); 
$ip = $_GET['ip'];
$sql = "SELECT DISTINCT ip FROM servers WHERE status = 1";
$res = mysql_query($sql) or die(mysql_error());
$allow = mysql_fetch_assoc($res);
if ($ip != $allow['server']) {
    echo 'IP is not allowed!';
    die ();
}
$port = $_GET['port'];

What am I doing wrong in this case?

Answer 1

You need a for loop, otherwise you will be getting only the last row of the query!

$allow = mysql_fetch_assoc($res);

Should become

while($allow = mysql_fetch_assoc($res){
     if ($ip != $allow['server']) {
          echo 'IP is not allowed!';
          continue;
      }else
         $port = $_GET['port'];
 }

Answer 2

You have to use a while loop like:

$ipAllowed = false;
while ($allow = mysql_fetch_assoc($res))
    if ($ip == $allow['server']) {
        echo 'IP is allowed!';
        $ipAllowed = true;
        break;
    }
if (!$ipAllowed) {
    echo 'IP is not allowed!';
    die();
}

or simply use (faster method):

$sql = "SELECT ip FROM servers WHERE status = 1 AND ip = '".mysql_real_escape_string($ip)."'";
$res = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($res) === 0) {
    echo 'IP is not allowed!';
    die();
}

Answer 3

Why don't you check the IP in your SQL query?

require_once("../mysql.php"); 
$ip = $_GET['ip'];
$sql = "SELECT count(*) FROM servers WHERE status = 1 AND IP = '".$ip."'";

After that you can check, if the return value from the SQL statement is greater than "0". If true, the ip address is in the database query. Else the ip is not included in the table. Maybe it is usefull to escape the $ip variable to prevent sql injections.

Answer 4

require_once("../mysql.php"); 
$ip = $_GET['ip'];
$sql = "SELECT DISTINCT ip FROM servers WHERE status = 1";
$res = mysql_query($sql) or die(mysql_error());
while($allow = mysql_fetch_assoc($res))
{
    if ($ip != $allow['server']) {
    echo 'IP is not allowed!';
    die ();
    }
    else
    { $port = $_GET['port']; }

}

using of while loop will brings all value...

Answer 5

The method you are using for checking the ip address not seems to be optimized at all, you are making a while loop for all the avaialble IPs from database and then checking the individual IP for your field.

Instead of that you have to filter your query with the particular IP address or range of the IP address, so the SQL will going to send you the results according to that so, no operational resources will be used by your application

You can do like,

$query = mysql_query("SELECT ipAddress as Record FROM YOURTABLENAME where status=1 and IP =".$ip);

if(mysql_num_rows($query)>0)
{
  //IP found do you logic here.
}
else
{
  //IP not found do you logic here.
}

This will saves your more than 75% resources to be used.

Hope you are clear now.

Thanks.