cunoodle2 Posted May 23, 2009 Share Posted May 23, 2009 Is there a way for someone to inject via modifying their "$_SERVER ['SERVER_ADDR'];" variable? If so do you protect against it somehow? Is there a way to scan it to make sure that it is only numbers and periods? Link to comment https://forums.phpfreaks.com/topic/159342-do-you-clean-_server-server_addr-to-prevent-injections/ Share on other sites More sharing options...
trq Posted May 23, 2009 Share Posted May 23, 2009 If so do you protect against it somehow? That would depend. Any variable being used within a database query should be properly escaped. Is there a way to scan it to make sure that it is only numbers and periods? Yeah, you could use a regular expression. Link to comment https://forums.phpfreaks.com/topic/159342-do-you-clean-_server-server_addr-to-prevent-injections/#findComment-840436 Share on other sites More sharing options...
cunoodle2 Posted May 23, 2009 Author Share Posted May 23, 2009 I appreciate the input. I guess you can never be too careful with anything these days. I put together a VERY BASIC function just in case anyone else ever wants to use it in the future. <?php //check an IP address. If its properly formatted it returns true if not it returns false function IsIP($text) { if (preg_match('/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/', $text)) { return TRUE; } else { return FALSE; } }?> If anyone has any input on possibly how to make my function faster and/or more secure I'm always open for input. Link to comment https://forums.phpfreaks.com/topic/159342-do-you-clean-_server-server_addr-to-prevent-injections/#findComment-840460 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.