php - XSS attack in client's IP address -

php - XSS attack in client's IP address -

i want count unique visitors on webpage. client's ip using next function:

$ipaddress = ''; if ($_server['http_client_ip']) $ipaddress = $_server['http_client_ip']; else if($_server['http_x_forwarded_for']) $ipaddress = $_server['http_x_forwarded_for']; else if($_server['http_x_forwarded']) $ipaddress = $_server['http_x_forwarded']; else if($_server['http_forwarded_for']) $ipaddress = $_server['http_forwarded_for']; else if($_server['http_forwarded']) $ipaddress = $_server['http_forwarded']; else if($_server['remote_addr']) $ipaddress = $_server['remote_addr']; else $ipaddress = 'unknown'; homecoming $ipaddress;

should phone call htmlspecialchars() function on it, before inserting database? have heard possible manipulate headers , alter ip address add together xss or sql injection (i phone call real_escape_string() function) attack.

considering info type you're expecting ip, should validate specific info type add together next code

if(filter_var($ipaddress, filter_validate_ip)) homecoming $ipaddress; else homecoming "unknown";

this validates it's actual ip no sql injection attack vectors or xss pass through it.

php security ip xss htmlspecialchars