Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,127
    Thanks
    27
    Thanked 0 Times in 0 Posts

    Safe way to get current script name and path?

    What is a safe/secure way to get the current script name and file path?

    (I thought I read somewhere that using $_SERVER['PHP_SELF'] was insecure?!)


    Debbie

  • #2
    Senior Coder kbluhm's Avatar
    Join Date
    Apr 2007
    Location
    Philadelphia, PA, USA
    Posts
    1,509
    Thanks
    3
    Thanked 258 Times in 254 Posts
    $_SERVER['REQUEST_URI'] will give you the current path with the query string.

    To get the path sans query string, you could use:
    PHP Code:

    // URL: http://www.mysite.com/file.php?this=that

    list( $_SERVER['REQUEST_URL'] ) = explode'?'$_SERVER['REQUEST_URI'] );

    echo 
    $_SERVER['REQUEST_URI']; // /file.php?this=that
    echo $_SERVER['REQUEST_URL']; // /file.php 
    Last edited by kbluhm; 08-23-2011 at 04:30 AM.

  • #3
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,127
    Thanks
    27
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by kbluhm View Post
    $_SERVER['REQUEST_URI'] will give you the current path with the query string.

    To get the path sans query string, you could use:
    PHP Code:

    // URL: http://www.mysite.com/file.php?this=that

    list( $_SERVER['REQUEST_URL'] ) = explode'?'$_SERVER['REQUEST_URI'] );

    echo 
    $_SERVER['REQUEST_URI']; // /file.php?this=that
    echo $_SERVER['REQUEST_URL']; // /file.php 

    Sorry my brain isn't working very well tonight...

    Let me explain what I want to do...

    I have a page "article_index.php" that lists a synopsis of each article and has a link to each.

    When a user clicks on a link like this...

    <a href="<?php echo WEB_ROOT; ?>articles/fire-your-accountant-and-get-quickbooks">(Read Full Story)</a>

    They are taken to a url like this...

    http://local.dev/articles/fire-your-...get-quickbooks

    This is a "pretty URL" which gets translated to...

    http://local.dev/article.php?title=f...get-quickbooks

    -----

    I want to capture the path where the user is at and store it in a SESSION so that after they log in or register I can return them to this page.

    1.) Do I want to work with the "Pretty URL" or the "Ugly URL"??

    2.) What do I need to capture to do this?

    3.) What is the best function or approach to do this?

    (Obviously I need something that works both in my development environment and in a production environment.)

    Hope that helps clarify things...



    Debbie

  • #4
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,127
    Thanks
    27
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by kbluhm View Post
    $_SERVER['REQUEST_URI'] will give you the current path with the query string.

    To get the path sans query string, you could use:
    PHP Code:

    // URL: http://www.mysite.com/file.php?this=that

    list( $_SERVER['REQUEST_URL'] ) = explode'?'$_SERVER['REQUEST_URI'] );

    echo 
    $_SERVER['REQUEST_URI']; // /file.php?this=that
    echo $_SERVER['REQUEST_URL']; // /file.php 
    Can you explain how your code works?

    I don't understand how PHP knows how to assign the part of the URL before the ? to $_SERVER['REQUEST_URL']

    The PHP Manual gives this example which makes more sense because your are defining a bunch of variables and then assigning the exploded parts to each variable...

    Code:
    // Example 2
    $data = "foo:*:1023:1000::/home/foo:/bin/sh";
    list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);
    echo $user; // foo
    echo $pass; // *

    Debbie

  • #5
    Senior Coder kbluhm's Avatar
    Join Date
    Apr 2007
    Location
    Philadelphia, PA, USA
    Posts
    1,509
    Thanks
    3
    Thanked 258 Times in 254 Posts
    Quote Originally Posted by doubledee View Post
    Can you explain how your code works?

    I don't understand how PHP knows how to assign the part of the URL before the ? to $_SERVER['REQUEST_URL']

    The PHP Manual gives this example which makes more sense because your are defining a bunch of variables and then assigning the exploded parts to each variable...

    Code:
    // Example 2
    $data = "foo:*:1023:1000::/home/foo:/bin/sh";
    list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);
    echo $user; // foo
    echo $pass; // *

    Debbie
    We are exploding on the `?` character. Since we're only defining a single index within the list() construct, we will only be grabbing the first value returned from explode().

    If there is a `?`, everything prior to the `?` becomes the first value of the array.

    If there is no `?`, then the original string becomes the first and only value in the array.

    The first value is then captured to $_SERVER['REQUEST_URL'].
    Last edited by kbluhm; 08-23-2011 at 05:39 AM.

  • #6
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,127
    Thanks
    27
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by kbluhm View Post
    We are exploding on the `?` character. Since we're only defining a single index within the list() construct, we will only be grabbing the first value returned from explode().

    If there is a `?`, everything prior to the `?` becomes the first value of the array and will be captured.

    If there is no `?`, then the original string becomes the first and only value in the array.
    So your code is a more efficient way of doing what the code I posted also did?


    Debbie

  • #7
    Senior Coder kbluhm's Avatar
    Join Date
    Apr 2007
    Location
    Philadelphia, PA, USA
    Posts
    1,509
    Thanks
    3
    Thanked 258 Times in 254 Posts
    To which code of yours are you referring?

  • #8
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,127
    Thanks
    27
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by kbluhm View Post
    To which code of yours are you referring?
    It appears that this is more efficient...
    Code:
    list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

    Than this code is...
    Code:
    // Example 2
    $data = "foo:*:1023:1000::/home/foo:/bin/sh";
    list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);

    Debbie

  • #9
    Senior Coder kbluhm's Avatar
    Join Date
    Apr 2007
    Location
    Philadelphia, PA, USA
    Posts
    1,509
    Thanks
    3
    Thanked 258 Times in 254 Posts
    Well they're really doing the exact same thing... just splitting on a single character and capturing the resulting array into individual variables. The only difference between the two is mine captures the first value only.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •