Home/ Questions/Q 7091267
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T08:09:50+00:00

i Have a Script for my shop for a game where after they buy

  • 0

i Have a Script for my shop for a game where after they buy something they cant buy anything for 1 week. but i cannot get this script to work. Can Someone Explain to me How to Set up The MySql Database to block the user?

<?php
// Purge records
mysql_query("DELETE FROM ip_table WHERE access_date < DATE_SUB(CURDATE(), INTERVAL 168 HOUR)");

$ip = $_SERVER['REMOTE_ADDR'];
$result = mysql_query("SELECT ip FROM ip_table WHERE ip = '$ip'");
if($result){
  die("TOS: You cannot access this for 1 Week, Security Measure");
} 
else {
  $result = mysql_query("INSERT INTO ip_table (ip, access_date) VALUES ('$ip', NOW())");
  echo "Thank you For your Purchase. you Have been Blocked For 1 Week due to a Security Measure.";
}
?>

All help is appreciated. thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Don’t check with if ($result), as that will return a valid result resource, even if it has no rows. Therefore, it will always enter the die() block.

    Instead check mysql_num_rows() to see if a row was returned from this query, in addition to testing for FALSE in $result, which indicates an error in the query.

    $result = mysql_query("SELECT ip FROM ip_table WHERE ip = '$ip'");
if($result && mysql_num_rows($result) > 0){
  die("TOS: You cannot access this for 1 Week, Security Measure");
}

    Note:

    Though it should not be possible to launch a SQL injection attack from $_SERVER['REMOTE_ADDRESS'], get in the habit of escaping the values in $_SERVER anyway:

    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

    Update

    If you haven’t yet figured out how to create this table, here’s the statement which will do it:

    CREATE TABLE ip_table (
  ip VARCHAR(15) NOT NULL,
  access_date TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
);

    One issue to consider: Multiple users can appear to your web server as coming from the same originating IP, if they are behind a NAT, a corporate or a school network. You are advised to add some other identifier to the user if you can.

    Basic MySQL connection pattern:

    $conn = mysql_connect("localhost", "someusername", "thepassword");
if (!$conn) {
  // Error connecting.
}
else {
  mysql_select_db("yourDatabaseName");
}
// Now you can call mysql_query()...
    • 0