Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Creating an sql database to store an ip adress

  1. #1
    Join Date
    Mar 2011
    Posts
    1,919
    Thanks
    59
    Thanked 105 Times in 103 Posts
    Blog Entries
    4

    Default Creating an sql database to store an ip adress

    Hi everyone, I am trying to make a database that will store someones ip adress and name.

    Here is the code


    PHP Code:
    <?php
    // Make a MySQL Connection
    mysql_connect("********""**********""********") or die(mysql_error());
    mysql_select_db("*********") or die(mysql_error());

    // Create a MySQL table in the selected database
    mysql_query("CREATE TABLE ipadress(
    id INT NOT NULL AUTO_INCREMENT, 
    PRIMARY KEY(id),
     name VARCHAR(30), 
     ipadress VARCHAR(30)"
    )
     or die(
    mysql_error());  

    echo 
    "Table Created!";

    ?>
    There is an error when I try and run it. Any help is appreciated.
    Last edited by keyboard; 07-27-2011 at 04:22 AM.

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    missed the closing parentheses

    Code:
    "CREATE TABLE ipadress(
    id INT NOT NULL AUTO_INCREMENT, 
    PRIMARY KEY(id),
     name VARCHAR(30), 
     ipadress VARCHAR(30))"
    if it still won't work, post the error you're receiving.
    Last edited by traq; 07-19-2011 at 07:18 AM.

  3. #3
    Join Date
    Mar 2011
    Posts
    1,919
    Thanks
    59
    Thanked 105 Times in 103 Posts
    Blog Entries
    4

    Default

    PHP Code:
    <?php
    // Make a MySQL Connection
    mysql_connect("****""*****""*****") or die(mysql_error());
    mysql_select_db("*****") or die(mysql_error());

    // Create a MySQL table in the selected database
    mysql_query("CREATE TABLE ipadress(
    id INT NOT NULL AUTO_INCREMENT, 
    PRIMARY KEY(id),
     name VARCHAR(30), 
     ipadress VARCHAR(30))"
     
    or die(mysql_error())  
    ?>

    Thats the code. I did what you said but now its coming up with a new error.


    Parse error: syntax error, unexpected ';' in /home1/keyboard/public_html/databasing.php on line 13


    I counted the lines and it it the very last one ( The ?>) There isn't even a semi colon in that line. I'm very confused. Any help would be appreciated.
    Last edited by keyboard; 07-21-2011 at 09:21 AM.

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    just more typos

    if you indent your code more regularly, and/or use a text editor with syntax highlighting, it will be easier to track what's closed and what's unclosed.

    the line php reports an error is not always the line where the error occurred: it's just the line where php decided it couldn't recover.
    Code:
    don't copy-and-paste this.  
    for clarity, I did not use php-style comments.
    
    mysql_query(
       "CREATE TABLE ipadress( 
           id INT NOT NULL AUTO_INCREMENT,  
           PRIMARY KEY(id), 
           name VARCHAR(30),  
           ipadress VARCHAR(30)  <--that's where the length argument for the ipadress column ends
       )"    <--that's where the ipadress table arguments end
    )  <--that's where the mysql_query argument ends (was missing)
     or die(mysql_error());   <-- semicolon was missing
    Last edited by traq; 07-19-2011 at 07:25 AM.

  5. #5
    Join Date
    Mar 2011
    Posts
    1,919
    Thanks
    59
    Thanked 105 Times in 103 Posts
    Blog Entries
    4

    Default

    Yep changed that and it worked. got another question. Is there any reason this wouldn't work?

    PHP Code:
    <?php
    // Make a MySQL Connection
    mysql_connect("localhost""****""****") or die(mysql_error());
    mysql_select_db("****") or die(mysql_error());
     
    $cheese $_POST['name'];
    $cheesy $_SERVER['REMOTE_ADDR']
    mysql_query("INSERT INTO ipadress 
    (name, ipadress) VALUES('
    $cheese', '$cheesy' ) "
    or die(
    mysql_error());  
     

    echo 
    "Data Inserted!";

    ?>
    Last edited by keyboard; 07-19-2011 at 08:22 AM.

  6. #6
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    you need to validate your user input. (I'm assuming this is related to your other thread - you should consider having only one thread per topic, it's a lot easier to follow and gives a clearer picture of what you're doing.)

    assuming you're validating $_POST['name'] against ^[- 'A-Za-z]+$, then you still need to use mysql_real_escape_string() (since you're allowing apostrophes). If you validate in a way that excludes dangerous characters, then you can safely skip mysql_real_escape_string(), but doing it anyway will never cause any harm - better safe than sorry!

    also, while not a critical problem, you shouldn't be using die() for error handling.
    PHP Code:
    // instead of dying:
    mysql_query("INSERT blah blah") or die();
    // you should deal with the error:
    $result mysql_query("INSERT blah blah");
    if(
    mysql_affected_rows() !== 1){ 
        
    /* mysql error and/or INSERT failed, give error message. */ 


  7. #7
    Join Date
    Mar 2011
    Posts
    1,919
    Thanks
    59
    Thanked 105 Times in 103 Posts
    Blog Entries
    4

    Default

    I tried to run the script. (haven't put in the validation) and it wouldn't work. Came up with this error

    Parse error: syntax error, unexpected T_STRING in /home1/keyboard/public_html/databasingthesecond.php on line 8


    any help would be appreciated.

  8. #8
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    PHP Code:
    <?php
    // Make a MySQL Connection
    mysql_connect("localhost""****""****") or die(mysql_error());
    mysql_select_db("****") or die(mysql_error());
     
    $cheese mysql_real_escape_string($_POST['name']); // <-- even if you validate the name, do at least this
    $cheesy $_SERVER['REMOTE_ADDR']; // <-- you forgot that semicolon
    mysql_query("INSERT INTO ipadress 
    (name, ipadress) VALUES('
    $cheese', '$cheesy' ) "
    or die(
    mysql_error());  
     

    echo 
    "Data Inserted!";

    ?>

  9. #9
    Join Date
    Mar 2011
    Posts
    1,919
    Thanks
    59
    Thanked 105 Times in 103 Posts
    Blog Entries
    4

    Default

    mysql_real_escape_string

    What does that do?

  10. #10
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    it adds slashes in front of characters that have special meaning in sql statements (specifically, \x00, \n, \r, \, ', " and \x1a) in order to make sure your input is treated as a string and nothing in the string causes parse errors or can be used in an attack. Learn more here.

    when in doubt, use it on every value you insert into a mysql statement. If nothing needs to be escaped, then it won't do any harm.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •