-2

I am trying to retrieve some value from a column in the database. The idea is to retrieve the IP of the person, then check their country, after that check the database if the country is blacklisted or not. There seems to be something wrong in the code, may you please give an advise?

This is the code:

<?php

//Get IP and country name
$ip=$_SERVER['REMOTE_ADDR'];
$details = json_decode(file_get_contents("https://get.geojs.io/v1/ip/country/$ip.json"));
$country=$details->name;
            
            
$servername = "localhost";
$username = "My_Username";
$password = "My_password";
$dbname = "Database_name";


$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
  die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT country_name  FROM uni_country";
$result = $conn->query($sql);

if (strpos($result, $country) == true) {
    echo $country ." " . "is banned";
  
} else {
echo "Your country is not banned";
}
$conn->close();



?>

When I run it, it shows "Your country is not banned" - when it should actually say that my country is banned (I added a country to the database to test this).

The issue seems to be with reading the data from the database. If I do echo $country; --> It actually shows my country, so it is retrieving it correctly (from geojs.io). But the code is not pulling the data from the database and verifying it.

Update: If I do echo $result; the page returns Error 500.

Update tried this new code, now it's saying that the country is not in the database, although it is actually there.

<?php


$ip=$_SERVER['REMOTE_ADDR'];
$details = json_decode(file_get_contents("https://get.geojs.io/v1/ip/country/$ip.json"));
$country=$details->name;
            
            



$conn =  mysqli_connect("localhost", "database", "password", "username");
$query = mysqli_query("SELECT * FROM `uni_country` WHERE country_name = '$country'");
if(mysqli_num_rows($query)>0) {
    echo "Country Is in the database";
}

else {
    echo "Country is not in the database";
}


?>
The Curious Cat
  • 7
  • 1
  • 2
    What precisely happens when you run the code? Remember we can't run it, and your vague description doesn't give us any clues about the issue. – ADyson Oct 01 '22 at 23:03
  • Hi, I modified the question, thanks for pointing that out! – The Curious Cat Oct 01 '22 at 23:06
  • `When I run it, it shows "0 results"` can you clarify please - there’s no code in the question that would do that. It’s still unclear what the problem could be, or really what you are expecting to happen. Some questions to guide you: What Ip is the code obtaining? What is the http request returning? Why are there no conditions in the sql query? Please edit the question to address. – AD7six Oct 01 '22 at 23:24
  • I modified the question, thank you all for answering – The Curious Cat Oct 02 '22 at 01:21
  • Does this answer your question? [Using an array as needles in strpos](https://stackoverflow.com/questions/6284553/using-an-array-as-needles-in-strpos) – Bagus Tesa Oct 02 '22 at 01:33
  • or use [`in_array`](https://www.php.net/manual/en/function.in-array.php) instead, given `$result` is an array. – Bagus Tesa Oct 02 '22 at 01:34
  • echo debugging is good and all, but one does not simply `echo` an array. use `var_dump` instead. – Bagus Tesa Oct 02 '22 at 01:36
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Oct 02 '22 at 09:19

1 Answers1

-1

After trying for hours, this is the correct code:

<?php


$ip=$_SERVER['REMOTE_ADDR'];
$details = json_decode(file_get_contents("https://get.geojs.io/v1/ip/country/$ip.json"));
$country=$details->name;
            

// Create connection
$servername = "localhost";
$username = "MyUsername";
$password = "MyPassword";
$database = "MyDatabase";

$conn = new mysqli($servername, $username, $password, $database);


$sql = "SELECT * FROM uni_country WHERE country_name ='$country'";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
  
  while($row = $result->fetch_assoc()) {
    echo   "You country is currently banned.";
  }
} else {
  echo "Your country is not banned!";
}

?>
The Curious Cat
  • 7
  • 1