View Full Version : PHP/Mysql/IP block

12-21-2007, 11:27 AM
Hi everyone,
I have got a script at the top of my index page that blocks IP addresses and this successfully works. But now i am trying to store the IP's in a mysql database so i can update/add new ones from an admin section on my website. here is the code i have come up with. but it doesnt work :)

mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("db") or die(mysql_error());
$query = mysql_query("SELECT * FROM `adminip` WHERE id='1'");
$row = mysql_fetch_array($query);

$deny = array( $row[content]);
if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
echo("You have been blocked from --mywebsite--. if an error has occured, please fill out the following form.");

Where i put $row[content] is where i want the listed ip's to appear.
The database looks like this..

"111.111.111", "222.222.222", "333.333.333"

all help appreciated!


SeeIT Solutions
12-21-2007, 11:36 AM
Does that mean the database looked like this?

id content
1 "","222.222........"

If not, the above code won't work. Paste more of the structure of the database. Censor any sensitive information, but at least give all the info.

12-21-2007, 11:45 AM
yep sorry thats what it looks like with only the one row

id content
1 "", "", "333.333.333.333"


SeeIT Solutions
12-21-2007, 11:51 AM
The only thing I can think of then is the "" are being included. Try either removing them from the database or adding them to the comparison eg:

in_array ('"'.$_SERVER['REMOTE_ADDR'].'"', $deny)) {

12-21-2007, 12:00 PM
Echo $deny to see what it actually contains.

The point of using a database would be to make your code general purpose and simplier. By storing a list of ip addresses in one single row, you are now totally dependent on the format of that row being correct. I recommend storing each IP address in its own row. This will also allow you to perform the comparison in the query instead of needing to fetch the row from the database, put it into an array and use PHP to perform the comparison.

12-21-2007, 02:50 PM
When i echo $deny it simply comes out as

thats with the " in the database and i get the same result if i put the " in the code as you suggested.

How would i go about putting each ip into a new line?

12-21-2007, 02:59 PM
Upon further review. Your code that sets $deny won't work as is anyway. It sets a single array element with what came from the database, instead of separate elements with each separate value in the string that came from the database.

To make a new row for each IP address, just do an INSERT query with the value from your form. You are probably doing an UPDATE now (read the existing row, display it on your form, modify it in the form field, submit the form, run an UPDATE query.)

SeeIT Solutions
12-21-2007, 09:42 PM
It will work if he keeps his database as it is (well, should work).

I agree though, changing the database is a much better option. As you have it now, it is as good as a text file. Except that no-one can direct link to it.

12-21-2007, 09:47 PM
You cannot directly put a variable with coma-separated values into an array and create separate array elements. It would require that the string be in the correct format to start with and explode it to produce the array elements.

12-22-2007, 02:20 AM
Even if you were going to store all of the IPs in one column you don't need the quotes around the IPs.