logging Ip address

[primefalcon]

I'm trying to configure my current script to log ip addresses as I've had a number of spammers, It works without the ip logging that I'm trying to implement, but I'm not exactly sure what I'm doing wrong with this, any help would be appreciated

<form action="user_insert.php" method="post" bgcolor="orange">RS Name: <input type="text" name="rs_name" /><p/><?php$address = $_SERVER['REMOTE_ADDR']?><input type="hidden" name="ip_address" value="<?php echo "$address"; ?>" /><p/>URL: <input type="text" name="url" /><p/>Player's Comments:<br/><textarea rows="11" cols="50" name="description" /></textarea><p/></td><p/><br/></tr><tr><td colspan="2"><center><input type="submit" value="Submit Entry" /></center></td></form>

and here's the processing php script

mysql_select_db("runeregistry", $con);$sql="INSERT INTO user_submit (rs_name,ip_address,url,description)VALUES('$_POST[rs_name]','$_POST[ip_address],'$_POST[url]','$_POST[description]')";if (!mysql_query($sql,$con))  {  die('Error: ' . mysql_error());  }echo "<center><b>Thank you for registering.</b><br/>We will add your entry as soon as possible.<p/>Please note, if you do not have a website or blog,<br/>you can easily create a blog <b>free</b> by clicking the link on the left<br/>or by clicking <a href='http://runescaperegistry.com/rrblog'><b>This Link</b></a>.<p/>After you create a blog with us, let us know if you want the link added to your Runescape Registry listing!<br/>Your blog doesn't have to be Runescape related. Just have some fun!!!<br/>However, only websites related to Runescape in some way can be posted on this registry.</center>";mysql_close($con)?>

[zppblood]

Took me awhile, but you don't have a ' after the $_POST[ip_address]

[pulpfiction]

What error you are getting? if its something related to DB insert. try to echo the SQL query to check its correct....

[primefalcon]

thank you mma_fighter123 that has it working now, lol I keep making such simple mistakes with this dang thing and then cant seem to find the missing thing

[primefalcon]

well I was getting the entry back saying of what was being entered into the formbut it's fixed now :-) thank you as well for loo9king here though :-)

[justsomeguy]

I just want to mention that it's not the best idea to write the IP to a hidden form element and then submit it through post. If you do that, the spammer could just as well overwrite the IP that gets submitted with whatever they want. It would be better to just leave the IP out of the form, and get it on the form processing page the same way you get it on the form page. So, instead of reading the IP on the form page, adding it to a hidden form element, submitting it to the processing page, and reading it from post, just read it from the $_SERVER array on the processing page and leave out the other steps.

[primefalcon]

I just want to mention that it's not the best idea to write the IP to a hidden form element and then submit it through post. If you do that, the spammer could just as well overwrite the IP that gets submitted with whatever they want. It would be better to just leave the IP out of the form, and get it on the form processing page the same way you get it on the form page. So, instead of reading the IP on the form page, adding it to a hidden form element, submitting it to the processing page, and reading it from post, just read it from the $_SERVER array on the processing page and leave out the other steps.

Good Idea, I just changed that now, thank you for pointing that out now I just have it as:

<?php$address = $_SERVER['REMOTE_ADDR']?><?php$sql="INSERT INTO user_submit (rs_name,ip_address,url,description)VALUES('$_POST[rs_name]','$address','$_POST[url]','$_POST[description]')";

which works great