Is it necessary to check $ _SERVER ['REMOTE_ADDR']?

Question

Is it necessary to check $ _SERVER ['REMOTE_ADDR']?

assuming php is running in web mode via cgi / mod_php / etc ...

it is safe to assume that $ _SERVER ['REMOTE_ADDR'] exists, and, in addition, it will contain correctly styled (sorry, the terminology may be here ...) ip (1.1.1.1 → 255.255.255.255?)?

this is not a question regarding the weather contained inside $ _SERVER ['REMOTE_ADDR'] will be the true ip of the client making the request, since I understand that this can be "faked" by changing the outgoing tcp packets ...

simply:

a) $ _SERVER ['REMOTE_ADDR'] will exist if php starts in web mode. b) if $ _SERVER ['REMOTE_ADDR'] always exists, will it always contain the correct syntax ip?

thank.

+5

php apache cgi

anonymous-one Jun 25 '11 at 14:01

source share

1 answer

phihag · Accepted Answer · 2011-06-25T14:05:16+0000

Yes, it is always present in web mode, and since the IP address is converted from its binary representation to the text format that you see, it is always valid - there is no way in the IP header to specify an invalid IP address.

One more thing: do not accept any special format unless you absolutely have to deal with IP addresses. For example, IPv6 addresses are longer and contain different characters. Basically treat IP addresses as an opaque string.

Is it necessary to check $ _SERVER ['REMOTE_ADDR']?

More articles: