ip ban function

VooDooRT

For the life of me, I can't this ip ban function to work. I've tried just about every variation I could think of, and after 2 hours, I'm going to see if you guys can help me any.

function ipban($ip){
  global $fontString, $fontString2, $headString;
  global $myrow;
  $result = @mysql_query("SELECT * FROM security WHERE ipaddress = \"$ip\"");
  $myrow = mysql_fetch_array($result);
 // if($myrow != NULL)
  //   extract($myrow);
	if($myrow != NULL) {
		return 1;
	  }
	  else {
		echo("
			<p>Access DENIED!</p>
		$fontString You are permantently banned from this web site.  This attempt at access has been logged.");
}
}

BillHudson

The following should do it...

$result = @("SELECT * FROM security WHERE ipaddress = " . $ip);

jeroom

or with single quotes...
$result = @("SELECT * FROM security WHERE ipaddress = '$ip'");
but the first is reply is a better one 🙂

tha_mink

$query = "SELECT * FROM security WHERE ipaddress = '$ip'";
$result = mysql_query($query) or die(mysql_error());
$numresults = mysql_num_rows($result);
if ($numresults > 0) {
     print"<p>You cannot come here anymore...blah blah blah</p>";
     exit;
} else {
     return 1;
}

No?

jeroom

BillHudson 's string will return

SELECT * FROM security WHERE ipaddress = 192.168.0.1

(imagine an other ip adress)

with single quotes it will be

SELECT * FROM security WHERE ipaddress = '192.168.0.1'

that's the only thing thats different

BillHudson

The way I see the original query is with quotes the PHP is not going to output the variable. Single quotes just eleminates the \ but you would still have a string of 3 characters $ip instead of what is in $ip which is what you want to look for.

I use my exact method for searching product numbers on http://BrendanProducts.com and it works fine.

"$whatever" is a string
$whatever is going to be the value of $whatever:eek:

tha_mink

The way I see the original query is with quotes the PHP is not going to output the variable. Single quotes just eleminates the \ but you would still have a string of 3 characters $ip instead of what is in $ip which is what you want to look for.

WHAT???
That is false.

are you trying telling me that the line

$query = "SELECT * blah blah blah WHERE ip = '$ip'"

will NOT send the value of $ip to the query?

Cause it always works fine for me.

BillHudson

I stand corrected. Just tried it with ' on http://BrendanProducts.com and it worked fine. I didn't know it would work like that. So is it just wrapping quotes around the value of the variable when it outputs it?

I guess I've been programming VB too long.

Try to teach and get tought, I love it!:rolleyes:

tha_mink

<?
$ip = "192.168.0.1";
$query = "SELECT * FROM security where ip='$ip'";
echo $query;

?>

That works fine everywhere I try it.

VooDooRT

Originally posted by tha_mink

$query = "SELECT * FROM security WHERE ipaddress = '$ip'";
$result = mysql_query($query) or die(mysql_error());
$numresults = mysql_num_rows($result);
if ($numresults > 0) {
     print"<p>You cannot come here anymore...blah blah blah</p>";
     exit;
} else {
     return 1;
}

No? [/B]

Worked PERFECTLY! Thank you!

Mike2307

where did you get this code? i need a ban script as well

VooDooRT

Use the code I posted in that last post, and when you need to call it, call it like this:

if(ipban($REMOTE_ADD)){
Whatever the content to your site is
}

Mike2307

you'd have to show me an example page, have the sql info... basically all of it for me to get it right.. I'm a newbie =|