Jump to content

Archived

This topic is now archived and is closed to further replies.

simcoweb

How to determine if new data being posted is already in the database?

Recommended Posts

Here's the scenario:

I have a script that pulls their IP address along with the date and the directory and posts that information to a mysql database. What I want to do  now is have the script be capable of banning ip's. So, to do so the script must first determine it (which it does) but before it adds it to the database it needs to check to see if it's possibly in the 'banned' section. If that IP is banned then it should display a separate message. (like 'you are banned, dude!).

Here's the code for the main page that collects and writes the data:

[code]<?php
$ip = $_SERVER["REMOTE_ADDR"];
$dir = $_SERVER["REQUEST_URI"];
include 'config.php'; //edit the location of your logging file or MySQL database in the config.php
include 'header.php';
//set the date
$v_date = date("l d F H:i:s");

print "<table width='500' align='center' border='1'><tr><td>";
print "<table width='100%'><tr><td bgcolor='#C8D4DF'>";
echo "<center><font face='Verdana'><h3>Unauthorized Access Warning Message</h3></font>";
print "</td></tr>";
print "<tr><td bgcolor='#FFF0C0'>";
print "<center><h3>You should not be here</h4><p>";
print "</td></tr>";
print "<tr><td bgcolor='#FFF0C0'>";
echo "<center><font size='2' face='Verdana'>Your IP address is ". $ip . " and has been logged</font><p>";

echo "$v_date<p>";

echo "<center><font size='1' face='Verdana'><strong>You will be redirected to an authorized page.</strong></font>";
print "</td></tr></table></td></tr></table>";

//open the MySQL database and write to the table
mysql_connect($dbhost, $dbuser, $dbpass) or die('Database will not open');
mysql_select_db($dbname);

// Insert a row of information into the table "iplog"
mysql_query("INSERT INTO iplog
(ip, date, directory) VALUES('$ip', '$v_date','$dir') ")
or die(mysql_error());

echo "<center><h2>Data logged successfully!<br />";

?>[/code]

I'm a noob so I think in logical expressions when it comes to what needs to be done. So, i've outlined it but I'm not sure how to code it. Here's my presumptions:

1) create a function() that would check the incoming $ip address against the MySQL database
2) the function would run a mysql_query into the 'banned' field of the db table to search for a match
3) the function would contain an 'if' statement pertaining to the query finding the match or not
4) the 'if' statement would state 'if a match is found... blah blah.. echo 'you suck and don't come back'
5) the 'else' statement would, if no match found, push the script to do its normal thing, display the normal message and log the new data

Now, that's my logical brain mode. I've looked at some code that performs similar analysis/comparison that was posted in here for someone looking to validate if a username/password/email were already in the database. It makes sense but at the same time it's confusing. Here's the snippet:

[code]//check to see if the login id or email is already being used
$loginid_sql = sprintf("SELECT COUNT(*) AS loginid_match FROM `login_tbl ` WHERE `loginid` = '%s'", $login_id);
$email_sql = sprintf("SELECT COUNT(*) AS email_match FROM `login_tbl ` WHERE `email` = '%s'", $email);

$loginid_result= mysql_query($loginid_sql) or die(mysql_error());
$email_result= mysql_query($email_sql) or die(mysql_error());

$loginid_match= mysql_result($loginid_result, 0, 'loginid_match');
$email_match= mysql_result($email_result, 0, 'email_match');

if ( $loginid_match > 0 ) { //if there are any login ids that match
    echo "This login id is already taken. Please try again";
    include('register.html');//your register form
    unset($loginid);
    exit();
}
if ( $email_match > 0 ) { //if there are any email addresses that match
    echo "This email has already been used";
    include('register.html');//your register form
    unset($email);
    exit();
}
[/code]

What I see is it does the inquiry to validate if it exists, runs the 'if' statements based upon the results. What I need is a simple way to either adapt this or do similar for my needs. I'm just stuck on the proper method. Thanks for any suggestions and code help :)

Share this post


Link to post
Share on other sites
its quite simple. Here is an example, I'll wrap it in functions seeing as your talking about them. There good to use wherever possible.

[code=php:0]
function isbanned($ip) {
  $sql = "SELECT id FROM banned_ips WHERE ip = '$ip'";
  if ($result = mysql_query($sql)) {
    return true;
  }
  return false;
}

if (isbanned($_SERVER['REMOTE_ADDR'])) {
  echo "you suck and don't come back";
} else {
  // go about whatever it is you want to do.
}
[/code]

Be aware though that ips can be very easily spooked, and are pretty unreliable. For instance, at my work there are some 600 computers, all of which would have the same public ip.

Share this post


Link to post
Share on other sites
First, thanks for the response. Secondly, I was assuming that even in my logical mind that I was over complicating it. This looks simple and easy to adapt. I'm soaking this stuff up like a sponge Thanks for the help!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.