asmith Posted December 26, 2007 Share Posted December 26, 2007 does using getenv(REMOTE_ADDR) have any risk ? correct me if i wrong , i may have messed up some things together , is it just enough safe to get user ip address with this function and that's all ? or it may make some possibility and chance to crack the script or something? Quote Link to comment Share on other sites More sharing options...
OOP Posted December 26, 2007 Share Posted December 26, 2007 Hi there, I don't know if every one agrees with me but you should consider this as an input to your script and you should always validate and filter inputs. Regards Quote Link to comment Share on other sites More sharing options...
Orio Posted December 26, 2007 Share Posted December 26, 2007 As far as I know (and according to what I can find on the web), you can trust getenv(REMOTE_ADDR) (or $_SERVER['REMOTE_ADDR']). But you shouldn't trust $_SERVER['X-Forwarded-For'] or $_SERVER['HTTP_USER_AGENT'] since they can be easily faked. But what OOP said can't hurt anyone Orio. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.