|
|
Posted by Andy Jeffries on 03/11/06 12:07
On Sat, 11 Mar 2006 09:03:03 +0100, Jørn Dahl-Stamnes wrote:
> I use this code to store the IP addresse:
>
> <?php
> $IP = $_SERVER['REMOTE_ADDR'];
> $query = "update mytable set ipaddr=inet_aton('$IP') where <some code>";
> mysql_query ($query);
> ?>
>
> When I do a 'select inet_ntoa(ipaddr) from mytable' most of the
> ip-addesses shows up correctly, but one showed up as "127.255.255.255",
> which is meaningless. Comparing to the log, the IP-address was 195.x.x.x
>
> Is the $_SERVER['REMOTE_ADDR'] safe to use? Can it be something else that
> the actual source of the http request to my server?
$_SERVER['REMOTE_ADDR'] can be the address of a proxy (maybe in this case
an bad anonymising one). I always check if
$_SERVER["HTTP_X_FORWARDED_FOR"] is set first (most proxies set this
header to the be the originating IP address).
Cheers,
Andy
--
Andy Jeffries MBCS CITP ZCE | gPHPEdit Lead Developer
http://www.gphpedit.org | PHP editor for Gnome 2
http://www.andyjeffries.co.uk | Personal site and photos
[Back to original message]
|