[英]Check for IP address in table - mySQL PHP
好的。 我有3個字段的比賽報名表,將其插入到mySQL DB中...並通過電子郵件發送。 我正在添加此代碼,該代碼將檢查用戶當前IP的表單,並禁止提交(如果存在)。
現在似乎正在執行,沒有錯誤...但是它允許來自同一IP的多個提交。 有什么不對勁的嗎?
完整代碼如下:
<?php //include the connection file
require_once('connection.php');
function sanitize($value, $type)
{
$value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;
switch ($type) {
case "text":
$value = ($value != "") ? "'" . $value . "'" : "NULL";
break;
case "long":
case "int":
$value = ($value != "") ? intval($value) : "NULL";
break;
case "double":
$value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL";
break;
case "date":
$value = ($value != "") ? "'" . $value . "'" : "NULL";
break;
}
return $value;
}
//save the data on the DB and send the email
if(isset($_POST['action']) && $_POST['action'] == 'submitform')
{
//recieve the variables
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);
mysql_select_db($database, $connection);
$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";
$RESULT = mysql_query($QUERY) or die(mysql_error());
// Read the firs row
$row = mysql_fetch_assoc($RESULT);
// Check how many rows MySQL counted
if($row['count'] > 0) {
echo "value already exists";
}
else {
//save the data on the DB
mysql_select_db($database, $connection);
$insert_query = sprintf("INSERT INTO contest (First_Name, Last_Name, Email_Address, Date, ip) VALUES (%s, %s, %s, NOW(), %s)",
sanitize($firstname, "text"),
sanitize($lastname, "text"),
sanitize($email, "text"),
sanitize($ip, "text"));
$result = mysql_query($insert_query, $connection) or die(mysql_error());
if($result)
{
//send the email
$to = "EMAIL ADDY";
$subject = "SUBJECT LINE";
//headers and subject
$headers = "MIME-Version: 1.0rn";
$headers .= "Content-type: text/html; charset=iso-8859-1rn";
$headers .= "From: ".$firstname." <".$email.">rn";
$body = "New contact
";
$body .= "First Name: ".$firstname."
";
$body .= "Last Name: ".$lastname."
";
$body .= "Email: ".$email."
";
$body .= "IP: ".$ip."
";
mail($to, $subject, $body, $headers);
//ok message
header ('Location: thanks.html');
exit ();
}
}
}
?>
您需要使用反引號而不是單引號來轉義表名/保留字:
$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";
此外,如果你的IP列是字符串,則需要封閉值在單引號:-)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.