Safe way to get current script name and path? - CodingForum


  • Safe way to get current script name and path?

    What is a safe/secure way to get the current script name and file path?

    (I thought I read somewhere that using $_SERVER['PHP_SELF'] was insecure?!)


    Debbie

  • #2
    $_SERVER['REQUEST_URI'] will give you the current path with the query string.

    To get the path sans query string, you could use:
    PHP Code:

    // URL: http://www.mysite.com/file.php?this=that

    list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

    echo $_SERVER['REQUEST_URI']; // /file.php?this=that
    echo $_SERVER['REQUEST_URL']; // /file.php
    Last edited by kbluhm; Aug 22, 2011, 10:30 PM.
    ZCE


    • #3
      Originally posted by kbluhm
      $_SERVER['REQUEST_URI'] will give you the current path with the query string.

      To get the path sans query string, you could use:
      PHP Code:

      // URL: http://www.mysite.com/file.php?this=that

      list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

      echo $_SERVER['REQUEST_URI']; // /file.php?this=that
      echo $_SERVER['REQUEST_URL']; // /file.php

      Sorry my brain isn't working very well tonight...

      Let me explain what I want to do...

      I have a page "article_index.php" that lists a synopsis of each article and has a link to each.

      When a user clicks on a link like this...

      <a href="<?php echo WEB_ROOT; ?>articles/fire-your-accountant-and-get-quickbooks">(Read Full Story)</a>

      They are taken to a url like this...

      http://local.dev/articles/fire-your-...get-quickbooks

      This is a "pretty URL" which gets translated to...

      http://local.dev/article.php?title=f...get-quickbooks

      -----

      I want to capture the path where the user is at and store it in a SESSION so that after they log in or register I can return them to this page.

      1.) Do I want to work with the "Pretty URL" or the "Ugly URL"??

      2.) What do I need to capture to do this?

      3.) What is the best function or approach to do this?

      (Obviously I need something that works both in my development environment and in a production environment.)

      Hope that helps clarify things...



      Debbie
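
Added example (not part of the original thread and not any poster's code): one way to capture the current path for the return-after-login flow described in post #3, reusing the `?` split from post #2. `REQUEST_URI`, like `PHP_SELF`, is client-controlled, so the value is checked to be a same-site path before it is stored and is escaped before it is printed. Assumptions: the pretty URL is an internal rewrite, so `$_SERVER['REQUEST_URI']` still holds the URL the browser requested; the function names and the `return_to` session key are hypothetical.

```php
<?php
// Added example; function names and the 'return_to' session key are hypothetical.

// Return the current request path if it is safe to treat as a same-site
// target, otherwise $fallback. REQUEST_URI is client-controlled input.
function current_local_path(array $server, bool $withQuery = true, string $fallback = '/'): string
{
    $uri = $server['REQUEST_URI'] ?? '';
    if (!is_string($uri)
        || !preg_match('#^/(?!/)#', $uri)               // exactly one leading "/"
        || preg_match('/[\x00-\x1F\x7F\\\\]/', $uri)) { // no control chars or "\"
        return $fallback;
    }
    // Same split as in post #2: keep only what precedes the first "?".
    return $withQuery ? $uri : explode('?', $uri, 2)[0];
}

// Call on the article page before sending the visitor to log in or register.
// Requires session_start() to have been called.
function remember_return_path(array $server): void
{
    $_SESSION['return_to'] = current_local_path($server);
}

// Call after a successful login; the stored value is used once, then dropped.
function redirect_to_return_path(): void
{
    $target = $_SESSION['return_to'] ?? '/';
    unset($_SESSION['return_to']);
    header('Location: ' . $target, true, 303);
    exit;
}

// Constructed sample values for REQUEST_URI (not taken from the thread).
$samples = [
    '/articles/some-article-slug',
    '/file.php?this=that',
    '//other-host.example/path',
    "/file.php\r\nX-Test: 1",
    'http://other-host.example/',
];
foreach ($samples as $uri) {
    $server = ['REQUEST_URI' => $uri];
    // Escape before printing into HTML; the same applies to PHP_SELF.
    echo htmlspecialchars(current_local_path($server, false), ENT_QUOTES, 'UTF-8'), "\n";
}
```

Run from the command line, the loop prints the accepted path for the first two samples and the `/` fallback for the rest.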


      • #4
        Originally posted by kbluhm
        $_SERVER['REQUEST_URI'] will give you the current path with the query string.

        To get the path sans query string, you could use:
        PHP Code:

        // URL: http://www.mysite.com/file.php?this=that

        list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

        echo $_SERVER['REQUEST_URI']; // /file.php?this=that
        echo $_SERVER['REQUEST_URL']; // /file.php

        Can you explain how your code works?

        I don't understand how PHP knows how to assign the part of the URL before the ? to $_SERVER['REQUEST_URL']

        The PHP Manual gives this example, which makes more sense because you are defining a bunch of variables and then assigning the exploded parts to each variable...

        Code:
        // Example 2
        $data = "foo:*:1023:1000::/home/foo:/bin/sh";
        list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);
        echo $user; // foo
        echo $pass; // *

        Debbie


        • #5
          Originally posted by doubledee
          Can you explain how your code works?

          I don't understand how PHP knows how to assign the part of the URL before the ? to $_SERVER['REQUEST_URL']

          The PHP Manual gives this example, which makes more sense because you are defining a bunch of variables and then assigning the exploded parts to each variable...

          Code:
          // Example 2
          $data = "foo:*:1023:1000::/home/foo:/bin/sh";
          list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);
          echo $user; // foo
          echo $pass; // *

          Debbie
          We are exploding on the `?` character. Since we're only defining a single index within the list() construct, we will only be grabbing the first value returned from explode().

          If there is a `?`, everything prior to the `?` becomes the first value of the array.

          If there is no `?`, then the original string becomes the first and only value in the array.

          The first value is then captured to $_SERVER['REQUEST_URL'].
          Last edited by kbluhm; Aug 22, 2011, 11:39 PM.
          ZCE


          • #6
            Originally posted by kbluhm
            We are exploding on the `?` character. Since we're only defining a single index within the list() construct, we will only be grabbing the first value returned from explode().

            If there is a `?`, everything prior to the `?` becomes the first value of the array and will be captured.

            If there is no `?`, then the original string becomes the first and only value in the array.
            So your code is a more efficient way of doing what the code I posted also did?


            Debbie


            • #7
              To which code of yours are you referring?
              ZCE


              • #8
                Originally posted by kbluhm
                To which code of yours are you referring?
                It appears that this is more efficient...
                Code:
                list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

                Than this code is...
                Code:
                // Example 2
                $data = "foo:*:1023:1000::/home/foo:/bin/sh";
                list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);

                Debbie


                • #9
                  Well they're really doing the exact same thing... just splitting on a single character and capturing the resulting array into individual variables. The only difference between the two is mine captures the first value only.
                  ZCE
