On Wed, Aug 08, 2001 at 12:45:32PM +1000, Chris Birmingham wrote:
> I would use
>
> $HTTP_SERVER_VARS["REMOTE_ADDR"]
> or
> $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]
>
> to return the IP address..
>
> I have seen, people using if($ip == $REMOTE_ADDR) { // do whatever }
> but in some configurations of PHP this can be a bad thing..
>
> index.php?REMOTE_ADDR=10.0.0.1 would override the variable $REMOTE_ADDR (in
> SOME configurations)
>
> Its probably alot harder for a malicious user to fake the HTTP_SERVER_VARS
> array than just a normal variable.
>
> Just my .02c :)
>
> Regards
>
> Chris
You could not be more right!
Always use stuff like $HTTP_SERVER_VARS, $HTTP_POST_VARS, etc. It's
the savest/best way!
--
* R&zE:
-- »»»»»»»»»»»»»»»»»»»»»»»»
-- Renze Munnik
-- DataLink BV
--
-- E: [EMAIL PROTECTED]
-- W: +31 23 5326162
-- F: +31 23 5322144
-- M: +31 6 21811143
-- H: +31 23 5516190
--
-- Stationsplein 82
-- 2011 LM HAARLEM
--
-- http://www.datalink.nl
-- ««««««««««««««««««««««««
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]