这个是网上常见获取ip函数
其中x-forword-fox的值是可以被自定义改写的.
在firefox下通过Moify Headers插件或者用php的fsockopen()函数等方法来改写.
如果你需要将IP写入数据库并打开的错误输出,那么将HTTP_X_FORWARDED_FOR的值改成192.168.0.1′ or 1= 是可能会产生sql注射.
同样$_SERVER[“HTTP_USER_AGENT”],$_SERVER[“HTTP_ACCEPT_LANGUAGE”],$_SERVER[‘HTTP_REFERER’] 等http变量入库时也需做过滤
改进的获取ip函数
if(getenv(‘HTTP_CLIENT_IP’) && strcasecmp(getenv(‘HTTP_CLIENT_IP’), ‘unknown’)) { $OnlineIP = getenv(‘HTTP_CLIENT_IP’); } elseif(getenv(‘HTTP_X_FORWARDED_FOR’) && strcasecmp(getenv(‘HTTP_X_FORWARDED_FOR’), ‘unknown’)) { $OnlineIP = getenv(‘HTTP_X_FORWARDED_FOR’); } elseif(getenv(‘REMOTE_ADDR’) && strcasecmp(getenv(‘REMOTE_ADDR’), ‘unknown’)) { $OnlineIP = getenv(‘REMOTE_ADDR’); } elseif(isset($_SERVER[‘REMOTE_ADDR’]) && $_SERVER[‘REMOTE_ADDR’] && strcasecmp($_SERVER[‘REMOTE_ADDR’], ‘unknown’)) { $OnlineIP = $_SERVER[‘REMOTE_ADDR’]; } preg_match(“/[\d\.]{7,15}/”, $OnlineIP, $match); $OnlineIP = $match[0] ? $match[0] : ‘unknown’; unset($match);参考:
No Responses (yet)
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.