为啥我的 IP 检查方法不起作用? PHP/Mysqli
Posted
技术标签:
【中文标题】为啥我的 IP 检查方法不起作用? PHP/Mysqli【英文标题】:Why is my IP checking method not working? PHP/Mysqli为什么我的 IP 检查方法不起作用? PHP/Mysqli 【发布时间】:2018-11-04 17:07:48 【问题描述】:为什么我通过 IP 地址检查双重投票的尝试无法正常工作?
if ($qtype === "sc")
// single choice has only one select item
// check whether user has already answered this question
$i=0;
$res = mysqli_query($mysqli, "SELECT ip FROM votedanswers WHERE ip = \"".$ip."\" and qID = \"".$qID."\"");
while($obj = mysqli_fetch_object($res))
$i = $i+1;
if ($i > 0)
echo "your vote has already been counted";
else
//insert data
$res = mysqli_query($mysqli, "INSERT INTO votedanswers (ip, qID, qQuestion, aID) VALUES ('$ip', '$qID', '$quest', '$aID')");
echo "your vote has been counted";
else
echo "nope!";
`
不久前测试过,一切都很好。但现在我可以随心所欲地投票。
【问题讨论】:
您的代码容易受到SQL injection 攻击。您应该通过mysqli 或PDO 使用带有绑定参数的预处理语句。 This post 有一些很好的例子。 【参考方案1】:试试这个:
if ($qtype === "sc")
// single choice has only one select item
// check whether user has already answered this question
$i=0;
$res = mysqli_query($mysqli, "SELECT ip FROM votedanswers WHERE ip = \"".$ip."\" and qID = \"".$qID."\"");
while($obj = mysqli_fetch_assoc($res))
$i = $i+1;
if ($i > 0)
echo "your vote has already been counted";
else
//insert data
$res = mysqli_query($mysqli, "INSERT INTO votedanswers (ip, qID, qQuestion, aID) VALUES ('$ip', '$qID', '$quest', '$aID')");
echo "your vote has been counted";
else
echo "nope!";
另请参考:How can I prevent SQL injection in php?
【讨论】:
以上是关于为啥我的 IP 检查方法不起作用? PHP/Mysqli的主要内容,如果未能解决你的问题,请参考以下文章
为啥 getExternalFilesDirs() 在某些设备上不起作用?
不知道为啥我的自定义 UICollectionViewCell 不起作用?