Jump to content

SELECT & UPDATE


Shadowing

Recommended Posts

If you do a select query do you always need to do a update query to of everything you selected? otherwise it leaves the value blank? Reason I ask is cause im confused on this one spot of my login script

 

my confusion is it having two $result = in the script.

 

If i remove the second $result my login ip wont be recorded. I just cant make sense of why. Can someone please help me understand how its affecting my log in script i would really appreciate it cause I understand everything out 100 percent accept that.

 

 

 

<? include_once("connect.php"); ?>

<html>
<body>

<?php

if(isset($_POST['Login'])) {
if(!preg_match('/^[A-Za-z0-9]{5,20}$/',$_POST['Username'])) { // checks username format.         
echo "Invalid  Username.";
} else {
	$query = "SELECT password,id,login_ip FROM users WHERE name='".mysql_real_escape_string($_POST['Username'])."'"; 
	$result = mysql_query($query) or die(mysql_error());
	$row = mysql_fetch_array($result); // Search the database and get the password, id, and login ip that belongs to the name in the username field.

	if(empty($row['id'])){
		// check if the id exist and it isn't blank.
		echo "Account doesn't exist.";
	} else {
		if(md5($_POST['password']) != $row['password']){
			// if the account exist this is matching the password with the password typed in the password field.
			echo "Your password is incorrect."; 
		} else {

			if(empty($row['login_ip'])){ // checks to see if the login ip has an ip already 
				$row['login_ip'] = $_SERVER['REMOTE_ADDR'];
				}

				$ip_information = explode("-", $row['login_ip']); // if the ip is different from the ip that is on the database it will store it

				if (in_array($_SERVER['REMOTE_ADDR'], $ip_information)) {
					$row['login_ip'] = $row['login_ip'];
				} else {
					$row['login_ip'] = $row['login_ip']."-".$_SERVER['REMOTE_ADDR'];	
				}

				$_SESSION['user_id'] = $row['id'];// stores the id of the user
				$_SESSION['login_time'] = time(); // stores the log in time of the user


				$result = mysql_query("UPDATE users SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($row['login_ip'])."' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'")
				or die(mysql_error());

				// to test that the session saves well we are using the sessions id update the database with the ip information we have received.

				header("Location: main.php"); // redirects me to main.php



		     }	
	  }
}	
}

?>					
<form id="form1" name="form1" method="post" action=""><center>
  GAME LOGIN
  <br />
  <br />
  Username:
  <input type="text" name="Username" id="Username" />
  <br />
  <br />
Password:
<input type="password" name="password" id="password" />
  <br />
  <br />
  <input type="submit" name="Login" id="Login" value="Login" />
  </center>
</form>

</body>
</html>

Link to comment
Share on other sites

If you have a value listed in the SET section of your UPDATE query, then it will overwrite whatever value is in there with the value you provide it.  So, if you don't want it to be changed, then you need to remove it from your SET section.

 

Does that make sense?

 

~awjudd

Link to comment
Share on other sites

Thanks for the reply awjudd

 

 

ya thats exactly how I understand what the line does.

 

thats why it doesnt make any sense if I remove it the ip doesnt update its the wierdest thing.

 

the code right above it should be updating my ip. The only thing i can think of is the ip code above just doesnt work and its that 2nd $result line that is actually updating it. I'll run a test and remove the ip code above it and see what happends

Link to comment
Share on other sites

is this correct

every time $row is excuted it reads this line

 

$results = mysql_query("UPDATE users SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($roe['login_ip'])."' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'")
				or die(mysql_error());

 

 

I did some process of elimination.

 

one thing i really do not understand is that if I delete below

 

if(empty($roe['login_ip'])){ // checks to see if the login ip has an ip already 
				$roe['login_ip'] = $_SERVER['REMOTE_ADDR'];
				}

 

 

the ip address does not get recorded

Link to comment
Share on other sites

I was just looking through the code.

 

If was me, I would set the current ip before anything.

And also use built in functions for storing ip's

 

//gets current ip and converts incomplete ip into proper 4 position ip
$ip = long2ip(ip2long($_SERVER['REMOTE_ADDR']));
echo $ip."<br />";

//ready to insert into db
$save_ip = ip2long($ip);
echo $save_ip."<br />";

//display from db
$display_ip = long2ip($save_ip);
echo $display_ip;

http://php.net/manual/en/function.ip2long.php

http://www.php.net/manual/en/function.long2ip.php

 

The only times it was being set was when certain if/else conditions were met.

Rethink your logic of how you check and try to make it simpler

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.