which is the better way to get the ip
https://stackoverflow.com/questions/1636644
-
06-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
What is the better way of getting the IP address in PHP:
getenv('REMOTE_ADDR');
or,
$_SERVER['REMOTE_ADDR'];
please tell me the difference, if any, between the two.
Solution
getenv() can be used to access any environment variables (PHP simply registers REMOTE_ADDR as an environment variable for the script), while with $_SERVER you obviously only access the contents of the $_SERVER superglobal.
The common approach is to use $_SERVER for this, although it doesn't really make a difference functionality-wise.
OTHER TIPS
$_SERVER is a built in PHP variable, while getenv() ask the environment (probably Apache/IIS) for values.
The best way to get the IP is;
$ip = (!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');
But I doubt there's any difference between these two variables... Hm.
It would probably be better to use $_SERVER['REMOTE_ADDR']; to prevent incompatibilities between servers.
There's no differences between the tho calls. As you can see PHP manual use both method in the same example. There are some cases where you don't have global variables like $_SERVER enabled and you are forced to use getenv(). In my experience i've never seen a server with global variables disabled.
With $_SERVER['REMOTE_ADDR'] you read directly the global variable by accessing the $_SERVER[] array that is set up when occurs a remote request:
$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the » CGI 1.1 specification, so you should be able to expect those.
The getenv() function access to any environment variable to get the related value!
In both cases you access the same value and the same variable ... but $_SERVER is a build in PHP superglobal variable, instead getenv() get the value of a variable defined in the current environment!
I think that in this case the use of the superglobal variable is the best way to get the IP address!
This post is a bit dated, so I thought I would share how I am currently getting the request IP address in my PHP scripts, as this post was originally about a better way to get a request IP. This is a better way, although not one of the choices given in the original post.
This approach uses a small function library for ease of portability.
// Function to sanitize IP string
function sanitize_ip($string){
$string = trim($string);
$string = strip_tags($string);
$string = htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
$string = str_replace('\n', '', $string);
$string = trim($string);
return $string;
}
// Function to evaluate HTTP headers for IP
function evaluate_ip(){
$ip_keys =
array(
'HTTP_CF_CONNECTING_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_X_REAL_IP',
'HTTP_X_COMING_FROM', 'HTTP_PROXY_CONNECTION', 'HTTP_FORWARDED_FOR',
'HTTP_FORWARDED', 'HTTP_COMING_FROM', 'HTTP_VIA',
'REMOTE_ADDR'
);
foreach ($ip_keys as $key){
if (array_key_exists($key, $_SERVER) === true){
foreach (explode(',', $_SERVER[$key]) as $ip){
$ip = trim($ip);
$ip = normalize_ip($ip);
if (validate_ip($ip)) return $ip;
}
}
}
// Build error response HTML
$msg =
'<div style="width:100%; font-family:serif; font-size:24px; line-height:28px; color:#cc0000; font-weight:bold; text-align:center; padding:10px;">
ERROR: <span style="color:#ffc107">Invalid IP Address</span>
</div>';
echo $msg;
exit;
}
// Function to normalize IPv4 and IPv6 addresses with port
function normalize_ip($ip){
// IPv4 with port (e.g., 123.123.123.123:80)
if (strpos($ip, ':') !== false && substr_count($ip, '.') == 3 && strpos($ip, '[') === false){
$ip = explode(':', $ip);
$ip = $ip[0];
}
// IPv6 with port (e.g., [::1]:80)
else {
$ip = explode(']', $ip);
$ip = ltrim($ip[0], '[');
}
return $ip;
}
// Function to validate IP address
function validate_ip($ip){
$options = FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
$filtered = filter_var($ip, FILTER_VALIDATE_IP, $options);
if (!$filtered || empty($filtered)){
if (preg_match("/^(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/", $ip)){
return $ip; // IPv4
}
elseif (preg_match("/^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/", $ip)){
return $ip; // IPv6
}
// Build error response HTML
$msg =
'<div style="width:100%; font-family:serif; font-size:24px; line-height:28px; color:#cc0000; font-weight:bold; text-align:center; padding:10px;">
ERROR: <span style="color:#ffc107">Invalid IP Address</span>
</div>';
echo $msg;
exit;
}
return $filtered;
}
function get_ip(){
$ip = evaluate_ip();
if (preg_match('/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/', $ip, $ip_match)){
$ip = $ip_match[1];
}
return sanitize_ip($ip);
}
// To Use
$ip = get_ip();
//
Hope this will help someone now in 2018!
