Shadowing Posted December 5, 2011 Share Posted December 5, 2011 If you do a select query do you always need to do a update query to of everything you selected? otherwise it leaves the value blank? Reason I ask is cause im confused on this one spot of my login script my confusion is it having two $result = in the script. If i remove the second $result my login ip wont be recorded. I just cant make sense of why. Can someone please help me understand how its affecting my log in script i would really appreciate it cause I understand everything out 100 percent accept that. <? include_once("connect.php"); ?> <html> <body> <?php if(isset($_POST['Login'])) { if(!preg_match('/^[A-Za-z0-9]{5,20}$/',$_POST['Username'])) { // checks username format. echo "Invalid Username."; } else { $query = "SELECT password,id,login_ip FROM users WHERE name='".mysql_real_escape_string($_POST['Username'])."'"; $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_array($result); // Search the database and get the password, id, and login ip that belongs to the name in the username field. if(empty($row['id'])){ // check if the id exist and it isn't blank. echo "Account doesn't exist."; } else { if(md5($_POST['password']) != $row['password']){ // if the account exist this is matching the password with the password typed in the password field. echo "Your password is incorrect."; } else { if(empty($row['login_ip'])){ // checks to see if the login ip has an ip already $row['login_ip'] = $_SERVER['REMOTE_ADDR']; } $ip_information = explode("-", $row['login_ip']); // if the ip is different from the ip that is on the database it will store it if (in_array($_SERVER['REMOTE_ADDR'], $ip_information)) { $row['login_ip'] = $row['login_ip']; } else { $row['login_ip'] = $row['login_ip']."-".$_SERVER['REMOTE_ADDR']; } $_SESSION['user_id'] = $row['id'];// stores the id of the user $_SESSION['login_time'] = time(); // stores the log in time of the user $result = mysql_query("UPDATE users SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($row['login_ip'])."' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'") or die(mysql_error()); // to test that the session saves well we are using the sessions id update the database with the ip information we have received. header("Location: main.php"); // redirects me to main.php } } } } ?> <form id="form1" name="form1" method="post" action=""><center> GAME LOGIN <br /> <br /> Username: <input type="text" name="Username" id="Username" /> <br /> <br /> Password: <input type="password" name="password" id="password" /> <br /> <br /> <input type="submit" name="Login" id="Login" value="Login" /> </center> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
awjudd Posted December 5, 2011 Share Posted December 5, 2011 If you have a value listed in the SET section of your UPDATE query, then it will overwrite whatever value is in there with the value you provide it. So, if you don't want it to be changed, then you need to remove it from your SET section. Does that make sense? ~awjudd Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 5, 2011 Author Share Posted December 5, 2011 Thanks for the reply awjudd ya thats exactly how I understand what the line does. thats why it doesnt make any sense if I remove it the ip doesnt update its the wierdest thing. the code right above it should be updating my ip. The only thing i can think of is the ip code above just doesnt work and its that 2nd $result line that is actually updating it. I'll run a test and remove the ip code above it and see what happends Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 6, 2011 Author Share Posted December 6, 2011 is this correct every time $row is excuted it reads this line $results = mysql_query("UPDATE users SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($roe['login_ip'])."' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'") or die(mysql_error()); I did some process of elimination. one thing i really do not understand is that if I delete below if(empty($roe['login_ip'])){ // checks to see if the login ip has an ip already $roe['login_ip'] = $_SERVER['REMOTE_ADDR']; } the ip address does not get recorded Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted December 6, 2011 Share Posted December 6, 2011 I was just looking through the code. If was me, I would set the current ip before anything. And also use built in functions for storing ip's //gets current ip and converts incomplete ip into proper 4 position ip $ip = long2ip(ip2long($_SERVER['REMOTE_ADDR'])); echo $ip."<br />"; //ready to insert into db $save_ip = ip2long($ip); echo $save_ip."<br />"; //display from db $display_ip = long2ip($save_ip); echo $display_ip; http://php.net/manual/en/function.ip2long.php http://www.php.net/manual/en/function.long2ip.php The only times it was being set was when certain if/else conditions were met. Rethink your logic of how you check and try to make it simpler Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.