|
|
Posted by Jψrn Dahl-Stamnes on 03/11/06 13:43
Andy Jeffries wrote:
> On Sat, 11 Mar 2006 09:03:03 +0100, JΓΈrn Dahl-Stamnes wrote:
>> I use this code to store the IP addresse:
>>
>> <?php
>> $IP = $_SERVER['REMOTE_ADDR'];
>> $query = "update mytable set ipaddr=inet_aton('$IP') where <some
>> code>"; mysql_query ($query);
>> ?>
>>
>> When I do a 'select inet_ntoa(ipaddr) from mytable' most of the
>> ip-addesses shows up correctly, but one showed up as "127.255.255.255",
>> which is meaningless. Comparing to the log, the IP-address was 195.x.x.x
>>
>> Is the $_SERVER['REMOTE_ADDR'] safe to use? Can it be something else that
>> the actual source of the http request to my server?
>
> $_SERVER['REMOTE_ADDR'] can be the address of a proxy (maybe in this case
> an bad anonymising one). I always check if
> $_SERVER["HTTP_X_FORWARDED_FOR"] is set first (most proxies set this
> header to the be the originating IP address).
I found out that it was my own test-server that genereated the
127.255.255.255 adress. But the funny thing is that if I in the php-file
added a 'echo "IP-addr.:" . $_SERVER['REMOTE_ADDR'];' it showed the correct
IP-adresse. But if I called a function from the same php file, which
updated the SQL database with my IP-address, the address had changed to
127.255.255.255. I can't figure out why.
--
JΓΈrn Dahl-Stamnes
http://www.dahl-stamnes.net/dahls/
Navigation:
[Reply to this message]
|