Script not working

[Monk3h]

can anyone tell me why this dosnt work?

 

<?php
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);

mysql_query("update players set hostname=$hostname where id=$stat[id]");

$badisp = mysql_fetch_array(mysql_query("select * from badisp"));

if ($hostname == $badisp[isp]){

print "Invalid login MOFO.";

}

?>/code]

[EGONick]

As long as the data exists in the database try this:

 

<?php
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);

mysql_query("update players set hostname=$hostname where id=$stat[id]");

$badisp = mysql_fetch_array(mysql_query("select * from badisp"));

if ($hostname == $badisp['isp']){

print "Invalid login MOFO.";

}

?>

[corbin]

$hostname will be a string, therefore, it needs quotes around it.

 

mysql_query("update players set hostname='{$hostname}' where id={$stat['id']}");

 

Also, $stat['id'] is set, yes?

 

 

Also, when ever you access arrays with strings, you should quote them, or PHP will try to see if the string is a constant (and issue either a warning or notice.  I think a notice, but I could be rememering wrong).

[Monk3h]

Still doesnt work..

 

<?php
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$stat = mysql_fetch_array(mysql_query("select * from players where user='$user' and pass='$pass'"));

mysql_query("update players set hostname='{$hostname}' where id={$stat['id']}");

$badisp = mysql_fetch_array(mysql_query("select * from badisp"));

if ($hostname == $badisp['isp']){

print "Invalid login MOFO.";

}

?>

[Monk3h]

Script Explantion..

 

When Some one cheats i add there isp details into a table called badisp, in a feild called isp.

 

Im prety sure i used the right sql string to access that table.

 

The script should display that message if any of the entries match that person ISP.

[BlueSkyIS]

Im prety sure i used the right sql string to access that table.

 

i suggest that you skip the shortcuts and take more control your database interactions, for instance:

 

<?php
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$hsql = "select * from players where user='$user' and pass='$pass'";
$hresult = mysql_query($hsql) or die(mysql_error());
if (count($hresult) > 0) {
       $stat = mysql_fetch_array($hresult);
       $usql = "update players set hostname='{$hostname}' where id={$stat['id']}";
       mysql_query($usql) or die(mysql_error());

       $tsql = "select * from badisp";
       $tresult = mysql_query($tsql) or die(mysql_error());
       
       if (count($tresult) > 0) {
               $badisp = mysql_fetch_array($tresult);

               if ($hostname == $badisp['isp']){

              print "Invalid login MOFO.";

                }
        }
}
?>

 

this will help you find the mistakes in your database interactions. without error reporting, you have to guess and hack and waste time when the solution could be right in front of you.

[GingerRobot]

Why are we selecting all the rows from a table and then looking for a match? Use a database the way it's designed to be used:

 

$sql = "SELECT COUNT(*) FROM badisp WHERE isp='$hostname'";
$result = mysql_query($sql) or die(mysql_error());
if(mysql_result($result,0) > 0){
   echo 'invalid login';
}
?>

 

 

Also, when ever you access arrays with strings, you should quote them, or PHP will try to see if the string is a constant (and issue either a warning or notice.  I think a notice, but I could be rememering wrong).

 

It's a notice.