Getting customer IP insert into Database

Question

Ive been trying to get the registered members ip to insert into the databse,
my current code is as follows:

$ip = $_SERVER['REMOTE_ADDR'];

if(mysqli_query($con, "INSERT INTO users(name,email,password,ip) VALUES('" . $name . "', '" . $email . "', '" . md5($password) . "', '$ip')")) {
        $successmsg = "Successfully Registered! <a href='login.php'>Click here to Login</a>";
    } else {
        $errormsg = "Error in registering...Please try again later!";
    }

When it inserts into the database, it inputs a completely different string.
Database fields

Structure

***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Dec 29 '16 at 14:50
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) — Jay Blanchard, Dec 29 '16 at 14:50
It looks like maybe your database field is of an integer type, it won't accept a string. — Devon Bessemer, Dec 29 '16 at 14:51
you haven't said what your IP address field is or what your data looks like but I am guessing that it's the numerical representation of the IP address that's being stored — e4c5, Dec 29 '16 at 14:51
`int(255)`, really? make that `varchar(255)`, which is "one" way. — Funk Forty Niner, Dec 29 '16 at 14:54
I just assumed it would be an int, as it is numbers? My bad for trying. — ted baker, Dec 29 '16 at 14:55
if it's just integers, then see the duplicate it was closed with. — Funk Forty Niner, Dec 29 '16 at 14:55
Well, the IP it is inserting into the database, isn't even my IP?! The hell? — ted baker, Dec 29 '16 at 14:56
The fact, it *is* an int aside, but where did you seen integers with *dots*? — Your Common Sense, Dec 29 '16 at 14:57
then, that's a whole different ballgame, echo it out, what does it show? — Funk Forty Niner, Dec 29 '16 at 14:57
@tedbaker, seems you need to go back to programming basics. Not trying to be rude or anything, just blunt. You should know the basics of what an integer, float, boolean, and string are before programming. — Devon Bessemer, Dec 29 '16 at 14:58
Its inserting the IP in the database now, but it is inserting not my IP. I have just double checked this. 141.xxx.xxx.171, my ip is is actually: 2.xxx.xxx.132 — ted baker, Dec 29 '16 at 14:58
@tedbaker are you on a proxy? See this Q&A also http://stackoverflow.com/q/444966/1415724 and http://stackoverflow.com/q/12970821/1415724 could be relevant. — Funk Forty Niner, Dec 29 '16 at 15:03
It was getting the address off from my cloudflare for some strange reason, I have changed the $ip = $_SERVER['REMOTE_ADDR'] to
if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } — ted baker, Dec 29 '16 at 15:07
@tedbaker Great. Well, in all fairness to the question and the real problem, I reopened it but marked it as another duplicate. I couldn't close it in one go, since I already voted earlier. — Funk Forty Niner, Dec 29 '16 at 15:13

Getting customer IP insert into Database

0 Answers0