Whatever you do, make sure not to trust data sent from the client.
$_SERVER['REMOTE_ADDR'] contains the real IP address of the connecting party. That is the most reliable value you can find.
However, they can be behind a proxy server, in which case the proxy may have set the $_SERVER['HTTP_X_FORWARDED_FOR'], but this value is easily spoofed. For example, it can be set by someone without a proxy, or the IP can be an internal IP from the LAN behind the proxy.
This means that if you are going to save the $_SERVER['HTTP_X_FORWARDED_FOR'], make sure you also save the $_SERVER['REMOTE_ADDR'] value. E.g. by saving both values in different fields in your database.
If you are going to save the IP to a database as a string, make sure you have space for at least 45 characters. IPv6 is here to stay and those addresses are larger than the older IPv4 addresses.
(Note that IPv6 usually uses 39 characters at most but there is also a special IPv6 notation for IPv4 addresses which in its full form can be up to 45 characters. So if you know what you are doing you can use 39 characters, but if you just want to set and forget it, use 45).
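As an added illustration (not part of the original answer), here is one way to record both values in separate 45-character fields, keeping the header only when it is at least a syntactically valid IP. The function names, the visits table, the in-memory SQLite database (requires the pdo_sqlite extension) and the sample request are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Returns the value if it is a syntactically valid IPv4/IPv6 address, else null.
function valid_ip_or_null(?string $value): ?string
{
    $value = trim((string) $value);
    return filter_var($value, FILTER_VALIDATE_IP) !== false ? $value : null;
}

// Collects both addresses from a $_SERVER-style array. REMOTE_ADDR comes from
// the connection itself; HTTP_X_FORWARDED_FOR is supplied by the client or a proxy.
function collect_client_ips(array $server): array
{
    // The header may hold a comma-separated chain; only the first entry is considered.
    $first = explode(',', (string) ($server['HTTP_X_FORWARDED_FOR'] ?? ''))[0];
    return [
        'remote_addr'   => valid_ip_or_null($server['REMOTE_ADDR'] ?? null),
        'forwarded_for' => valid_ip_or_null($first), // valid syntax does not make it trustworthy
    ];
}

// Stores both values in separate columns (hypothetical table name).
// SQLite is used only so the example runs offline; it does not enforce the length.
function save_visit(PDO $db, array $ips): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS visits (
        remote_addr   VARCHAR(45) NOT NULL,
        forwarded_for VARCHAR(45) NULL
    )');
    $stmt = $db->prepare('INSERT INTO visits (remote_addr, forwarded_for) VALUES (?, ?)');
    $stmt->execute([$ips['remote_addr'], $ips['forwarded_for']]);
}

// Constructed sample request: a full-form IPv4-mapped IPv6 peer address
// and a header whose first entry is not an IP address at all.
$sample = [
    'REMOTE_ADDR'          => '0000:0000:0000:0000:0000:ffff:192.168.100.228',
    'HTTP_X_FORWARDED_FOR' => 'spoofed-value, 10.0.0.5',
];
$ips = collect_client_ips($sample);
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
save_visit($db, $ips);
var_dump($ips, strlen($ips['remote_addr']));
```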