Need help with a ip php script

General PHP Help
#1

I am using ip2nation script to make the users in differnt countries (Country based redirection)to goto their “home” site.
I have 4 databases, one in .com one com/uk and one .com/ca, and one for this script

I am from canada, so it send me to that site automatically. I can goto the uk site and see it, but when I try to got the main us site, it redirects me to my “home” site canada

I would like help to either make an exception for my ip. or make it so that if someone want to goto a US site, but they are from Canada or UK, then they can just click on flags and go…

Any help would be appreciatted.
here is sample script. I configered to my specs, worls great, maybe too good…

Sample Scripts: Country based redirection

<?php
	
	$server   = ''; // MySQL hostname
	$username = ''; // MySQL username
	$password = ''; // MySQL password
	$dbname   = ''; // MySQL db name
	
	
	$db = mysql_connect($server, $username, $password) or die(mysql_error());
	      mysql_select_db($dbname) or die(mysql_error());
			
	$sql = 'SELECT 
	            country
	        FROM 
	            ip2nation
	        WHERE 
	            ip < INET_ATON("'.$_SERVER['REMOTE_ADDR'].'") 
	        ORDER BY 
	            ip DESC 
	        LIMIT 0,1';
	
	list($country) = mysql_fetch_row(mysql_query($sql));
	
	switch ($country) {
		case 'se':
			// Get the swedish to a swedish newssite
			header('Location: http://www.thelocal.se/');
			exit;
		case 'us':
			// And let the folks from american go to CNN
			header('Location: http://www.cnn.com/');
			exit;
		default:
			// The rest can go to BBC
			header('Location: http://www.bbc.co.uk/');
			exit;
	}
	
?>
#2

I see a few no-no’s in there.

Your SQL query contains $_SERVER[‘REMOTE_ADDR’]. That’s very nice 'n all, but the $_SERVER array is not safe. Users can inject code into it. You wouldn’t want its value to be something like

'; DROP DATABASE --'

Look up SQL Injection on your favorite search engine to read up on this killer bug and secure your query.

Next, it looks like you’re showing different content based on the user’s IP address. That’s not very user-friendly. What if I’m from the UK, but use a Swedish proxy server to browse your site? You’ll detect a Swedish IP address, and give me a Swedish page that I don’t understand at all.

Best practice is to give the user a landing page, containing flags or something, so the user can choose for themselves in which language/which version the website should be.

Sponsor our Newsletter | Privacy Policy | Terms of Service