
is this safe


Ninjakreborn


Ok, just making sure, only one thing, it's killing the IP address. It cuts it off at the first . I guess in MySQL, the . tells the database to stop. I need to cut the .'s out of it, why is the database like that, I mean is it the . that is cutting it off, it records the first 2 letters, then cuts off the rest.

Have you tried using add slashes for the IP? Which would (if I remember right) make your IP look like

/1/2/0/,/3/9/./3/2/5/./2/4 or something similar...

so $ip = addslashes($_SERVER['REMOTE_ADDR']);

then to remove slashes for output...

$ip = stripslashes($query['ip']);
echo $ip;

something like that might be what you are aimed at?

Why would the "dots" interfere with adding the information into the database (unless you were trying to put that into a numeric string, in which case the answer is blindingly obvious). Would you expect the same "dots" in a paragraph of text to stop the text from being added?

[quote author=businessman332211 link=topic=107006.msg428768#msg428768 date=1157492113]
I normally do when I do database entries, I didn't think it was necessary for the IP, but I think you're right, better safe than sorry.
[/quote]
Both $_SERVER['HTTP_REFERER'] and $_SERVER['HTTP_USER_AGENT'] should be treated as user input. I don't know if it's possible to manipulate the REMOTE_ADDR var but it shouldn't be assumed that it's not.

[quote author=businessman332211 link=topic=107006.msg428815#msg428815 date=1157495021]
I noticed that, I felt pretty stupid so I didn't say anything else in the post, I had it set to integer, instead of varchar
[/quote]
Take a look at the ip2long and long2ip functions. Whilst it doesn't remove the need for thorough checking, I find it much safer and it also takes less storage in your DB. It has been known (from my own experience) for people to be able to manipulate certain values that turn up in the $_SERVER array (by masking/altering, rather than any brute force), so best not to leave anything to chance.
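The advice in the replies above (treat `$_SERVER` values as user input, and store the address with ip2long/long2ip), shown as an added example that is not code from any poster in this thread. It assumes a 64-bit PHP build with the pdo_sqlite extension; the in-memory SQLite database, the `visits` table and the `ipv4_to_uint()` helper are hypothetical stand-ins, and the sample addresses are constructed.

```php
<?php
// Added example, not code from the thread. Names below are hypothetical.
declare(strict_types=1);

/**
 * Validate an IPv4 string and return it as an integer,
 * or null if it is not a well-formed dotted quad.
 * Assumes 64-bit PHP, where ip2long() never returns a negative value.
 */
function ipv4_to_uint(string $raw): ?int
{
    // Treat the value as untrusted input: accept only a strict IPv4 address.
    $ip = filter_var($raw, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    if ($ip === false) {
        return null;
    }
    $long = ip2long($ip);
    return $long === false ? null : $long;
}

// Stand-in for the real database. In MySQL the column would be
// INT UNSIGNED, not a signed INT and not a VARCHAR.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (ip INTEGER NOT NULL)');

// Constructed sample values standing in for $_SERVER['REMOTE_ADDR'].
$samples = ['192.0.2.44', '120.39.325.24', '203.0.113.9 junk'];

$insert = $db->prepare('INSERT INTO visits (ip) VALUES (:ip)');
foreach ($samples as $raw) {
    $ip = ipv4_to_uint($raw);
    if ($ip === null) {
        echo 'rejected: ' . var_export($raw, true) . PHP_EOL;
        continue;
    }
    // Bound parameter: the value never becomes part of the SQL text,
    // so no addslashes()/stripslashes() round trip is needed.
    $insert->bindValue(':ip', $ip, PDO::PARAM_INT);
    $insert->execute();
}

// Convert back to dotted-quad form only when displaying.
foreach ($db->query('SELECT ip FROM visits') as $row) {
    echo 'stored ' . $row['ip'] . ' -> ' . long2ip((int) $row['ip']) . PHP_EOL;
}
```

ip2long() handles IPv4 only; an IPv6 address needs inet_pton() and a binary column instead.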
