
PHP mySQL Contact Form IP Address check to see if it exists

P: 2
I have a contact form that submits into a MySQL db, sanitizes it and emails it as well. It was working correctly but I am trying to add this bit of code that will check the DB for the user's IP, disallowing a submission if the IP is already present.

It's a contest, so I don't want multiple submissions from the same IP.

It isn't throwing back any errors. Everything is working fine except it is allowing me to submit multiple times.

I suspect it's this code:
$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";
$RESULT = mysql_query($QUERY) or die(mysql_error());

FULL CODE:
<?php //include the connection file

require_once('connection.php');

function sanitize($value, $type)
{
  $value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;

  switch ($type) {
    case "text":
      $value = ($value != "") ? "'" . $value . "'" : "NULL";
      break;
    case "long":
    case "int":
      $value = ($value != "") ? intval($value) : "NULL";
      break;
    case "double":
      $value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL";
      break;
    case "date":
      $value = ($value != "") ? "'" . $value . "'" : "NULL";
      break;
  }

  return $value;
}

//save the data on the DB and send the email

if(isset($_POST['action']) && $_POST['action'] == 'submitform')
{
    //receive the variables

    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];
    $email = $_POST['email'];
    $ip = gethostbyname($_SERVER['REMOTE_ADDR']);

    mysql_select_db($database, $connection);
    $QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";
    $RESULT = mysql_query($QUERY) or die(mysql_error());

    // Read the first row
    $row = mysql_fetch_assoc($RESULT);

    // Check how many rows MySQL counted
    if($row['count'] > 0) {
        echo "value already exists";
    }
    else {

        //save the data on the DB

        mysql_select_db($database, $connection);

        $insert_query = sprintf("INSERT INTO contest (First_Name, Last_Name, Email_Address, Date, ip) VALUES (%s, %s, %s, NOW(), %s)",
                                sanitize($firstname, "text"),
                                sanitize($lastname, "text"),
                                sanitize($email, "text"),
                                sanitize($ip, "text"));

        $result = mysql_query($insert_query, $connection) or die(mysql_error());

        if($result)
        {
            //send the email

            $to = "EMAIL ADDY";
            $subject = "SUBJECT";

            //headers and subject
            $headers  = "MIME-Version: 1.0\r\n";
            $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
            $headers .= "From: ".$firstname." <".$email.">\r\n";

            $body = "New contact\n";
            $body .= "First Name: ".$firstname."\n";
            $body .= "Last Name: ".$lastname."\n";
            $body .= "Email: ".$email."\n";
            $body .= "IP: ".$ip."\n";

            mail($to, $subject, $body, $headers);

            //ok message

            header ('Location: thanks.html');
            exit ();
        }
    }
}

?>

Any help mucho appreciated!
Sep 28 '11 #1

✓ answered by dlite922



dlite922
Expert 100+
P: 1,584
You forgot the dollar sign on value in your query.

And you're calling your variable $ip? So why are you saying IP = 'value' in your query?

Shouldn't it be IP = '$ip'?

I see you're not even calling sanitize (which is absolutely horrendous by the way) on $ip.

Please use code tags [ CODE ] !!

dAN
Sep 28 '11 #2

P: 2
Perfect, dlite922... I'm an idiot, missed that. PHP noob :/

Works great now!

I am calling sanitize on $ip down below though, at least I think it's correct.

$insert_query = sprintf("INSERT INTO contest (First_Name, Last_Name, Email_Address, Date, ip) VALUES (%s, %s, %s, NOW(), %s)",
                        sanitize($firstname, "text"),
                        sanitize($lastname, "text"),
                        sanitize($email, "text"),
                        sanitize($ip, "text"));

Sep 28 '11 #3
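
As an added example (not code from this thread): the same one-entry-per-IP rule enforced by a UNIQUE index and bound parameters, instead of a COUNT query followed by an INSERT assembled with sprintf and addslashes. It assumes PDO with an in-memory SQLite database standing in for the MySQL `contest` table; `submit_entry` and the UNIQUE index are hypothetical additions, and the sample submissions are constructed.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL `contest` table so the script runs
// offline; column names follow the thread, the UNIQUE index is an addition.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(
    'CREATE TABLE contest (
        First_Name TEXT, Last_Name TEXT, Email_Address TEXT,
        Date TEXT, ip TEXT NOT NULL UNIQUE
    )'
);

/** Insert one entry per IP. Returns "ok", "duplicate" or "invalid". */
function submit_entry(PDO $pdo, string $first, string $last, string $email, string $ip): string
{
    // REMOTE_ADDR is already an address: validate it rather than resolve it.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return 'invalid';
    }

    // Bound parameters: the values never become part of the SQL text, so no
    // addslashes()/manual quoting helper is involved.
    $stmt = $pdo->prepare(
        'INSERT INTO contest (First_Name, Last_Name, Email_Address, Date, ip)
         VALUES (:first, :last, :email, CURRENT_TIMESTAMP, :ip)'
    );

    try {
        $stmt->execute([
            ':first' => $first, ':last' => $last,
            ':email' => $email, ':ip' => $ip,
        ]);
        return 'ok';
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (the UNIQUE index).
        if ((string) $e->getCode() === '23000') {
            return 'duplicate';
        }
        throw $e;
    }
}

// Constructed sample submissions (documentation-range address).
var_dump(submit_entry($pdo, 'Ann', "O'Neil", 'ann@example.com', '203.0.113.7'));
var_dump(submit_entry($pdo, 'Bob', 'Ray', 'bob@example.com', '203.0.113.7'));
var_dump(submit_entry($pdo, 'Eve', 'Doe', 'eve@example.com', "x' OR '1'='1"));
```

Letting the database reject the second row also covers two requests arriving at the same moment, which a separate COUNT check followed by an INSERT cannot do.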
