Need suggestions to update following function for detection of IP address to be more accurately and safer from SQL injection via user input
function getip(){
if(!empty($_SERVER['HTTP_CLIENT_IP'])){
$ip=$_SERVER['HTTP_CLIENT_IP'];
}else if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$ip=$_SERVER['REMOTE_ADDR'];
}
$ip = strtolower($ip);
if(substr_count($ip,"unkown")>0){
$ip=$_SERVER['REMOTE_ADDR'];
}
$ip = htmlspecialchars($ip);
$ip = mysql_real_escape_string($ip);
return $ip;
Run this edit OnLine
function getip()
{
$keyname_ip_arr = array('HTTP_X_FORWARDED_FOR', 'HTTP_REMOTE_ADDR_REAL', 'HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'REMOTE_ADDR');
foreach ($keyname_ip_arr as $keyname_ip) {
if (!empty($_SERVER[$keyname_ip])) {
$ip = $_SERVER[$keyname_ip];
if (strstr($ip, ',')) {
$ips = explode(',', $ip);
foreach ($ips as $ip)
{
if(filter_var(trim($ip), FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) break(2);
}
}
elseif(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) break;
}
}
return $ip;
list($ip1,$ip2,$ip3,$ip4) = explode('.',$ip);
return $ip1.'.'.$ip2.'.'.$ip3.'.0';
}