You have an error in your request, try this:

$res = $mysqli->query('SELECT * FROM users WHERE ip = "' . $ip . '" AND id_rating = ' . $id) or die (mysql_error());

Some questions (instead of answers) just want to take, and gouge.
To answer such - only to spoil the gene pool of mankind.
So that an illiterate shkolota does not accuse of unfoundedness, let's briefly go through the rake laid out in this typical code, alas, for a mess:
1. We connect to the database for each request, and immediately close the connection.
2. getIp() - inside there is a classic shit code for getting an IP address from HTTP headers, which shkolota from generation to generation passes on to each other as secret knowledge.
3. and immediately substitute the received address into the request, receiving an injection.
4. Learning syntax using copy-paste is a terrible thing. Well, how can you not get confused in these incomprehensible dots and quotation marks? The inability to distinguish SQL code from PHP code has been passed down from generation to generation.
5. Also mindless copy-paste leads to constructions like $res = $ mysqli ->query('...') or die ( mysql _error());
6. The entire construction tells us that the mysql ext ban hysteria was absolutely pointless. The devastation is not in the extensions, but in the heads. Who with his head on his shoulders - he himself would begin to use something new, without prohibitions. And who, in the old fashioned way, without connecting the head, will not be helped by any prohibitions on writing the same vulnerable shit code.

go to base)