开发者

is it necessary to validate $_SERVER['REMOTE_ADDR']?

开发者 https://www.devze.com 2023-03-15 14:28 出处:网络
assuming that php is running in web mode via cgi / mod_php / etc... is it safe to assume tha开发者_运维知识库t $_SERVER[\'REMOTE_ADDR\'] will exist, and further more, that it will contain a correctly

assuming that php is running in web mode via cgi / mod_php / etc...

is it safe to assume tha开发者_运维知识库t $_SERVER['REMOTE_ADDR'] will exist, and further more, that it will contain a correctly stylized (sorry, terminology may be off here...) ip (1.1.1.1 -> 255.255.255.255?)?

this is not a question regarding weather the ip contained inside $_SERVER['REMOTE_ADDR'] will be a the true ip of the client making the request, as i do understand this can be 'spoofed' by modifying the outbound tcp packets...

just simply:

a) will $_SERVER['REMOTE_ADDR'] always exist if php is ran in web mode. b) if $_SERVER['REMOTE_ADDR'] does always exist, will it always contain a properly syntaxed ip?

thanks.


Yes, it is always present in web mode, and since the IP address is converted from its binary representation to the textual format you're seeing, it is always valid – there is no way to specify an invalid IP in the IP header.

One more thing: Don't assume any special format unless you absolutely must deal with IP addresses. For example, IPv6 addresses are longer and contain different characters. Basically, deal with IP addresses as an opaque string.

0

精彩评论

暂无评论...
验证码 换一张
取 消