Page 1 of 2
php ban script. Is this right?
Posted: Sat Dec 11, 2010 12:39 pm
by metjet2
I have two tables in my database.
1. is users which has rows username, and last_ip_address
2. is banned_ips with the row ID, and IP
I have a form that is labeled username and the idea is to put the name of the user that I want to ban into the form, submit it and then it takes the last ip address from that user and copies it into the banned ip row.
The code I have is
Code: Select all
<?
include "login_config.php"; // this is the file from your login script
$con = mysql_connect($db_host, $db_username, $db_password)
or die("Error! Could not connect to database: " . mysql_error());
mysql_select_db($db)
or die("Error! Could not select the database: " . mysql_error());
$safe_username = ($_POST['username']);
$result = mysql_query("SELECT last_ip_address FROM users WHERE
username = $safe_username");
$ip = mysql_result($result, 0, 0);
mysql_query("INSERT INTO banned_ips ('$ip')");
mysql_close($con);
?>
it is not working so I know something is wrong i just cant figure out what
Re: php ban script. Is this right?
Posted: Sat Dec 11, 2010 2:58 pm
by Jonah Bron
Looks like you almost had it, try this.
Code: Select all
<?
include "login_config.php"; // this is the file from your login script
$con = mysql_connect($db_host, $db_username, $db_password)
or die("Error! Could not connect to database: " . mysql_error());
mysql_select_db($db)
or die("Error! Could not select the database: " . mysql_error());
$safe_username = mysql_real_escape_string($_POST['username']);
$result = mysql_query('SELECT last_ip_address FROM users WHERE username = "$safe_username"');
$ip = mysql_result($result, 0, 0);
mysql_query("INSERT INTO banned_ips ('$ip')");
mysql_close($con);
?>
Note I cleaned the username with mysql_real_escape_string, and placed it in quotes in the query. FYI, if you have a query that's mysteriously not working, you can find out what the problem is with mysql_error() like this:
Code: Select all
mysql_query('...') or die(mysql_error());
Re: php ban script. Is this right?
Posted: Sun Dec 12, 2010 12:15 am
by metjet2
I tried your code thank you! But the result is the same. The info is not going into the new banned_ips table
the only error that is displayed is
Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 6 in /home/content/public_html/c/banscript.php on line 13
Re: php ban script. Is this right?
Posted: Sun Dec 12, 2010 9:22 am
by social_experiment
Code: Select all
<?php $ip = mysql_result($result, 0, 0); ?>
Have you tried using mysql_result() without the optional field parameter?
Code: Select all
<?php $ip = mysql_result($result, 0); ?>
Re: php ban script. Is this right?
Posted: Sun Dec 12, 2010 11:57 am
by metjet2
still nothing :\....Maybe its the way I have my databases setup? I have the banned ips table set up like this

Re: php ban script. Is this right?
Posted: Sun Dec 12, 2010 3:25 pm
by social_experiment
The only issue i see on the database is that you are assigning a 50 character field to a 15 character value (xxx.xxx.xxx.xxx) at most.
Two questions:
1. What do you get if you var_dump($ip)
2. mysql_query("INSERT INTO banned_ips ('$ip')") The INSERT syntax looks incorrect, INSERT INTO table (field) VALUES (value)
Re: php ban script. Is this right?
Posted: Sun Dec 12, 2010 7:29 pm
by metjet2
If i do 1. I get bool(false) on the page
and i tried 2. and still no success :\
Re: php ban script. Is this right?
Posted: Mon Dec 13, 2010 3:13 am
by social_experiment
If $ip is 0, it's not returning a value from the query. What does the code for the form look like, the one where $_POST['username'] is submitted from.
Re: php ban script. Is this right?
Posted: Mon Dec 13, 2010 11:11 am
by metjet2
Code: Select all
<form name="input" action="banscript.php" method="post">
Username: <input type="text" name="username" />
<input name="submit" type="submit" id="submit" value="Submit" />
</form>
and banscript.php is the code that is listed above
Re: php ban script. Is this right?
Posted: Wed Dec 15, 2010 8:05 am
by social_experiment
Code: Select all
<?php
// other stuff
$safe_username = ($_POST['username']);
$result = mysql_query("SELECT last_ip_address FROM users WHERE username = $safe_username");
//
while ($array = mysql_fetch_array($result)) {
$ip = $array['last_ip_address'];
}
// rest of your code
?>
Why don't you try using mysql_fetch_array() instead of mysql_result()?
Re: php ban script. Is this right?
Posted: Wed Dec 15, 2010 3:50 pm
by metjet2
I tried that and now I get
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/public_html/test/banscript.php on line 14
Just so you know the full code I am using now is
Code: Select all
<?
include "login_config.php"; // this is the file from your login script
$con = mysql_connect($db_host, $db_username, $db_password)
or die("Error! Could not connect to database: " . mysql_error());
mysql_select_db($db)
or die("Error! Could not select the database: " . mysql_error());
$safe_username = ($_POST['username']);
$result = mysql_query("SELECT last_ip_address FROM users WHERE username = $safe_username");
//
while ($array = mysql_fetch_array($result)) {
$ip = $array['last_ip_address'];
}
$ip = mysql_result($result, 0);
mysql_query("INSERT INTO table (banned_ips) VALUES ($ip)");
var_dump($ip) ;
mysql_close($con);
?>
Re: php ban script. Is this right?
Posted: Wed Dec 15, 2010 4:32 pm
by superdezign
Jonah made an error when he told you to use this:
Code: Select all
$result = mysql_query('SELECT last_ip_address FROM users WHERE username = "$safe_username"');
And you made an error when you used this:
Code: Select all
$result = mysql_query("SELECT last_ip_address FROM users WHERE username = $safe_username");
Your error lies in not delimiting your string for SQL. Jonah's error lies in mixing up the single and double quotation marks. In SQL, you can use either to delimit strings. However, to use the PHP variable in it, you must surround the string with double quotes.
Try:
Code: Select all
$result = mysql_query("SELECT last_ip_address FROM users WHERE username = '$safe_username'");
Re: php ban script. Is this right?
Posted: Wed Dec 15, 2010 4:37 pm
by Jonah Bron
Oops

Re: php ban script. Is this right?
Posted: Wed Dec 15, 2010 4:51 pm
by metjet2
Still not working :\...I know it CAN be done I just am completely stumped at this point
Re: php ban script. Is this right?
Posted: Wed Dec 15, 2010 5:05 pm
by Jonah Bron
What error do you get now?