Is it possible for a user to forge the result that is returned from

Question

0

Asked: May 13, 20262026-05-13T09:47:29+00:00 2026-05-13T09:47:29+00:00

Is it possible for a user to forge the result that is returned from

0

Is it possible for a user to forge the result that is returned from $_SERVER['REMOTE_ADDR'] in PHP so they could in theory use SQL injection on a database?

This is a bit dumb, but I’m still new enough to PHP that I want to know if it can be done, whether or not I need to sanitize database input when the SELECT statement chooses from IP addresses returned from $_SERVER['REMOTE_ADDR']. So, if I wanted to use something like $query = "SELECT * FROM users WHERE IP='" . $_SERVER['REMOTE_ADDR'] . "'";, would there be any danger to my doing this?

Again, probably a “nooby” question, but I feel it must be asked.

Thanks

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-13T09:47:29+00:00

Editorial Team

2026-05-13T09:47:29+00:00Added an answer on May 13, 2026 at 9:47 am

It’s a stretch, and unlikely, but I wouldn’t go as far as to say it’s impossible. So….

Use parameterized queries anyways.

Even if you never get attacked via the IP address field, you will still get the added benefit of faster queries through caching.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Is it possible for a user to forge the result that is returned from

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply