
Securing IP check php

I have

$result = mysqli_query($mysqli,"SELECT * FROM ".MYSQLBTCTABLE." WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' AND date = '".date("Y-m-d")."' AND time = '".date("D")."'") or die(mysqli_error($mysqli));

How can I secure the $_SERVER['REMOTE_ADDR'] so it checks not only the user ip/proxy but also the socks ip so they can't abuse my code by changing IP?

Also, I found this code:

function getRealIpAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP']))   // check IP from shared internet
    {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   // check whether the IP is passed from a proxy
    {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
      $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}

Will it work so if I put WHERE ip = '".($ip)."' ?

You cannot do that in the general case:

  • You can't be sure whether the user is using a proxy: it can be an anonymous proxy
  • You can't be sure whether he is using a computer device
  • You can't be sure that he is human: it may be a request via cURL or similar stuff

So that's the reality of the Internet. You cannot rely on any information that comes from the client side. If you suspect that the user changed his IP address, then hide the critical part behind authentication. Thus, you'll be able to identify the user by his login in your web application.
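
Following the answer's advice, the once-per-day check can be keyed on the logged-in account instead of the address. This is an added example, not code from the question or the answer: `clientIp()`, `claimOnce()` and the `claims` table are hypothetical names, and it uses an in-memory SQLite database through PDO in place of the question's MySQL table so that it runs on its own.

```php
<?php
// Added example (not from the original post). Names and schema are hypothetical.

// REMOTE_ADDR is the TCP peer; forwarding headers are plain request text, so
// they are read only when the peer is one of our own reverse proxies.
function clientIp(array $server, array $trustedProxies = []): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer;
    }
    // Walk the chain right to left: the first hop that is not ours is the client.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

// One claim per account per day, enforced by the primary key. The address is
// stored for audit only. (INSERT OR IGNORE is SQLite syntax; MySQL: INSERT IGNORE.)
function claimOnce(PDO $db, int $userId, string $ip): bool
{
    $stmt = $db->prepare('INSERT OR IGNORE INTO claims (user_id, day, ip) VALUES (?, ?, ?)');
    $stmt->execute([$userId, date('Y-m-d'), $ip]);
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE claims (user_id INTEGER, day TEXT, ip TEXT, PRIMARY KEY (user_id, day))');

// Constructed requests from one logged-in account; the second adds a header.
$userId = 42; // stands in for the id stored in the authenticated session
$first  = ['REMOTE_ADDR' => '203.0.113.7'];
$second = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9'];

var_dump(clientIp($second));                          // header ignored: peer is not our proxy
var_dump(claimOnce($db, $userId, clientIp($first)));  // first claim today is recorded
var_dump(claimOnce($db, $userId, clientIp($second))); // same account, same day: refused
var_dump(clientIp($second, ['203.0.113.7']));         // header honoured only behind a trusted proxy
```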

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
