On Wed, 2010-06-23 at 12:21 +0300, Tanel Tammik wrote:

> "Michael Shadle" <mike503@xxxxxxxxx> wrote in message
> news:AANLkTildd_GdnlfFPuWDX5acWWK45jbU4I6YBbmGJ6qj@xxxxxxxxxxxxxxxxx
> > On Wed, Jun 23, 2010 at 12:06 AM, Rene Veerman <rene7705@xxxxxxxxx> wrote:
> >> unlikely. it's an apache delivered ip address.. very little chance of
> >> insert vulnerabilities, imho.
> >
> > still, the overhead for a db escape is better than your site being
> > trashed.
> >
> > also, you could look at converting the IP to an INT(10) (at least for
> > IPv4) and save
> >
> > ip in string - 123.456.789.123 - up to 15 bytes - varchar(15)
> > ip in integer format - 4 bytes - int(10)
> >
> > I've done this on a variety of projects. Arjen even mentions it back in
> > 2005:
> >
> > http://arjen-lentz.livejournal.com/44290.html
> >
> > It does make things a bit harder to read, and at one point I did get
> > different results when calculating it in PHP vs. MySQL (I forget when
> > and how, and haven't seen the issue again) but if you're looking for
> > IP ranges it can come in handy too - integer math is much cleaner than
> > IP address math :)
>
> how do i convert it? with ip2long() or in sql with INET_ATON()?
>
> Br Tanel
>

That's what I'd use. You may also have to wrap it inside an abs() call to ensure it's a positive number, as some IP addresses equate to negative with ip2long().

The benefit of converting it to a number I've found is that searching can become much faster as it's easier to perform a simple number comparison search to find if a given IP address is within a range than perform more complex string queries to determine if an IP address is within a range. You will, as well, benefit from a smaller table, as it uses far less space to store a number than a string of up to 15 characters.

Also, if you're looking to use one of the ip2country type databases to determine the rough geographical location of your visitors, they use the IP number system.

Thanks,
Ash
http://www.ashleysheridan.co.uk
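
The conversion discussed in this thread, as an added example that is not part of any poster's message: it validates the address before conversion, produces the unsigned value that matches MySQL's INET_ATON() on both 32-bit and 64-bit PHP, and checks range membership with bitwise math. The helper names `ipv4_to_unsigned` and `ipv4_in_cidr` are hypothetical and all sample addresses are constructed.

```php
<?php
// Added example: helper names are hypothetical, sample inputs are constructed.

// Unsigned decimal string for an IPv4 address (the value INET_ATON() gives),
// or null when the input is not a well-formed dotted-quad address.
function ipv4_to_unsigned(string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    // ip2long() is signed on 32-bit PHP; %u prints the same bits as unsigned.
    return sprintf('%u', ip2long($ip));
}

// True when $ip lies inside $cidr (for example "192.168.0.0/16"). The
// comparison is bitwise, so a signed ip2long() result does not affect it.
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1]) || (int) $parts[1] > 32) {
        return false;
    }
    if (ipv4_to_unsigned($ip) === null || ipv4_to_unsigned($parts[0]) === null) {
        return false;
    }
    $bits = (int) $parts[1];
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits));
    return (ip2long($ip) & $mask) === (ip2long($parts[0]) & $mask);
}

// Constructed inputs: two valid addresses, one out-of-range octet, and one
// string that is not an address at all.
foreach (['10.0.0.1', '192.168.0.1', '300.1.1.1', "1.2.3.4' --"] as $ip) {
    printf("%-14s => %s\n", $ip, ipv4_to_unsigned($ip) ?? 'rejected');
}

var_dump(ipv4_in_cidr('192.168.44.7', '192.168.0.0/16'));
var_dump(ipv4_in_cidr('192.169.0.1', '192.168.0.0/16'));

// On a 32-bit build ip2long('192.168.0.1') is the signed value below. Its
// absolute value is the number of a different address, while %u recovers
// the value INET_ATON() returns.
$signed = -1062731775;
echo long2ip(abs($signed)), ' vs ', long2ip((int) sprintf('%u', $signed)), "\n";
```

The string returned by `ipv4_to_unsigned` is meant to be bound as a query parameter to an `INT UNSIGNED` column, so anything that fails validation never reaches the database.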