push array into array in a different file

[djr33]

There's a weird property of MySQL with deletion: mysql_num_rows() isn't accurate. I can't remember exactly how it works, but there's an alternative: mysql_affected_rows(), and that will work the same way. You have to use those two alternatively since one works some times and the other for the other times. It's confusing.

Your script should be working just fine (except the respond messages are wrong, but it's still "working"). Realistically, you don't even need to check if it was deleted since it's always the same result: any/every instance of an IP in the DB that matches will be deleted. Therefore after this there will be no more entries with that IP, so it is removed. It might have been there before or not, but it will still be "gone" even if it wasn't there. In other words, in the rare case that someone tries to delete an IP that wasn't in the DB, they'll still be getting what they wanted.

One important piece of information is that you should always be escaping the data in the database. At best, it might sometimes break the query and give an error, and at worst it might actually allow someone to hack the database. If this is just your mods who can do it, that's a little safer, but still it's best to be careful. Just apply this function to any user-input that is going into the database:
$var = mysql_real_escape_string($var);

In this case, do that for the IP.

[baconDelta]

naw those echos are working correctly since it checks for affected rows ==1 not ==0. yeah i hear what you're saying but i figure it should be accurate since maybe in the future this will be useful. for instance if someone is having trouble accessing the site we can check the ban list and know for sure there is not an entry. i'm just picky like that i guess.

alright i used real escape. i just shoved it in right before the call to the db:

PHP Code:

        $time = date("y/m/d : H:i:s", time());
        $ban_this = $_POST["ip"];
        $why = $_POST["why"];
        $ban_this = mysql_real_escape_string($ban_this);
        $sql="INSERT INTO banned (IP, TIME, REASON)
              VALUES('$ban_this', '$time', '$why')"; 


i'm not sure how to test if it's working though since i've never hacked a db lol. hopefully that's right. thanks for all your help dan

[djr33]

That escaping is fine. But do the same for $why also. You don't need to worry for $time since that's generated internally and unless you made a mistake, it won't cause any MySQL parse errors (and certainly won't hack the database)-- it won't hurt, though, just in case there's ever a weird character that shows up in there.

As long as the deleting is working, that's fine I guess. Post the final code if you want me to take a look. mysql_num_rows() will probably be inaccurate (at least in some cases) with a DELETE query, though, so be aware of that.