檢查表中的IP地址-MySQL SQL

Question

好的。 我有3個字段的比賽報名表，將其插入到mySQL DB中...並通過電子郵件發送。 我正在添加此代碼，該代碼將檢查用戶當前IP的表單，並禁止提交（如果存在）。

現在似乎正在執行，沒有錯誤...但是它允許來自同一IP的多個提交。 有什么不對勁的嗎？

完整代碼如下：

<?php //include the connection file

require_once('connection.php');


function sanitize($value, $type)
{
$value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;

switch ($type) {
case "text":
$value = ($value != "") ? "'" . $value . "'" : "NULL";
break;
case "long":
case "int":
$value = ($value != "") ? intval($value) : "NULL";
break;
case "double":
  $value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL";
  break;
case "date":
  $value = ($value != "") ? "'" . $value . "'" : "NULL";
  break;
}

return $value;
}

//save the data on the DB and send the email

if(isset($_POST['action']) && $_POST['action'] == 'submitform')
{
//recieve the variables

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);

mysql_select_db($database, $connection);
$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";
$RESULT = mysql_query($QUERY) or die(mysql_error());

// Read the firs row
$row = mysql_fetch_assoc($RESULT);

// Check how many rows MySQL counted
if($row['count'] > 0) {
echo "value already exists";
}
else {

//save the data on the DB

mysql_select_db($database, $connection);

$insert_query = sprintf("INSERT INTO contest (First_Name, Last_Name, Email_Address, Date, ip) VALUES (%s, %s, %s, NOW(), %s)",
                        sanitize($firstname, "text"),
                        sanitize($lastname, "text"),
                        sanitize($email, "text"),
                        sanitize($ip, "text"));

$result = mysql_query($insert_query, $connection) or die(mysql_error());

if($result)
{
    //send the email

    $to = "EMAIL ADDY";
    $subject = "SUBJECT LINE";

    //headers and subject
    $headers  = "MIME-Version: 1.0rn";
    $headers .= "Content-type: text/html; charset=iso-8859-1rn";
    $headers .= "From: ".$firstname." <".$email.">rn";

    $body = "New contact
";
    $body .= "First Name: ".$firstname."
";
    $body .= "Last Name: ".$lastname."
";
    $body .= "Email: ".$email."
";
    $body .= "IP: ".$ip."
";

    mail($to, $subject, $body, $headers);

    //ok message

    header ('Location: thanks.html');
    exit ();
}
}
}

?>

Answer 1

您需要使用反引號而不是單引號來轉義表名/保留字：

$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";

此外，如果你的IP列是字符串，則需要封閉值在單引號:-)