Inserting IP Address into MySql Table with PHP

[DYWBH]

Hello, I have created a very basic form that inserts user information to a MySql table. I am now trying to make it insert the useres IP into the IP column within the table.

 

Here is my code:

 

<?php


mysql_connect("mysql9.000webhost.com", "a3313201_admin", "xxxxxx") or die(mysql_error()); mysql_select_db("a3313201_admin") or die(mysql_error()); 

$Username = $_POST['Username'];
$Password= $_POST['Password'];


$query="INSERT INTO Users (Username, Password, [b]IP[/b])VALUES('".$Username."', '".$Password."', [b]???[/b])";

mysql_query($query) or die ('Error 101');

echo "Accoount Created";

?>

Thank you for your help

[dougjohnson]

$ipaddress = $_SERVER['REMOTE_ADDR'];

 

Also, you probably want to hash the password before inserting it into the db.

[redixx]

The $_SERVER super global can give you the user's IP address.

 

$query="INSERT INTO Users (Username, Password, IP)VALUES('".$Username."', '".$Password."', $_SERVER['REMOTE_ADDR'])";

 

EDIT: By the way, your script is at high risk of SQL injection. You cannot just dump user input directly into your database, you need to sanitize it first.

 

At the very least, do:

 

$Username = mysql_real_escape_string($_POST['Username']);
$Password = mysql_real_escape_string($_POST['Password']);

 

Also as dougjohnson said, you should never store a password as plaintext. Use a one-way hash algorithm, like sha1() at the very least.