我正在尝试从php联系表单中获取用户的ip地址,我有以下代码,但我想知道以这种方式使用clean_string向我自己发送ip地址是否有效?
<?php
session_start();
if(isset($_POST['fullname'])) {
include 'freecontact2formsettings.php';
function died($error) {
echo "Sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
if(!isset($_POST['fullname']) ||
!isset($_POST['Address1']) ||
!isset($_POST['city']) ||
!isset($_POST['Postcode']) ||
!isset($_POST['contactnum']) ||
!isset($_POST['emailaddress'])
) {
died('Sorry, there appears to be a problem with your form submission.');
}
$ip = $_SERVER['HTTP_CLIENT_IP'];
$ansb0_from = $_POST['fullname']; // required
$ansb1_from = $_POST['Address1']; // required
$ansb3_from = $_POST['city']; // required
$ansb4_from = $_POST['Postcode']; // required
$ansb5_from = $_POST['contactnum']; // required
$ansb6_from = $_POST['emailaddress']; // required
$error_message = "";
$email_message = "PHP CONTACT FORM:\r\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:");
return str_replace($bad,"",$string);
}
$email_message .= "Forename: ".clean_string($ansb0_from)."\r\n";
$email_message .= "Address 1: ".clean_string($ansb1_from)."\r\n";
$email_message .= "City: ".clean_string($ansb3_from)."\r\n";
$email_message .= "Postcode: ".clean_string($ansb4_from)."\r\n";
$email_message .= "Contact Number: ".clean_string($ansb5_from)."\r\n";
$email_message .= "Email Address: ".clean_string($ansb6_from)."\r\n";
$email_message .="IP Address: ".clean_string($ip)."\n\n";
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($email_to, $email_subject, $email_message, $headers);
header("Location: $thankyou");
?>
<script>location.replace('<?php echo $thankyou;?>')</script>
<?php
}
die();
?>
此外,
$ip = $_SERVER['HTTP_CLIENT_IP'];
是在联系表单脚本页面上,而不是用户输入信息的实际form.php,我认为那是我出错的地方吗?
答案 0 :(得分:9)
您不希望表单中包含IP。这样它就可以显示,编辑和搞乱。相反,只需使用以下方法捕获服务器端:
$_SERVER['REMOTE_ADDR'];
谷歌搜索这个问题应该顺便返回5亿个有效的结果。只是一个快速提醒。
答案 1 :(得分:1)
您要同时检查$_SERVER["REMOTE_ADDR"]
和$_SERVER["HTTP_X_FORWARDED_FOR"]
,因为如果用户位于代理服务器后面,则可能需要后者。
您可以在此处阅读更多内容:https://stackoverflow.com/a/3003233/666468