...

View Full Version : Safe way to get current script name and path?



doubledee
08-23-2011, 03:15 AM
What is a safe/secure way to get the current script name and file path?

(I thought I read somewhere that using $_SERVER['PHP_SELF'] was insecure?!)


Debbie

kbluhm
08-23-2011, 03:27 AM
$_SERVER['REQUEST_URI'] will give you the current path with the query string.

To get the path sans query string, you could use:



// URL: http://www.mysite.com/file.php?this=that

list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

echo $_SERVER['REQUEST_URI']; // /file.php?this=that
echo $_SERVER['REQUEST_URL']; // /file.php

doubledee
08-23-2011, 03:41 AM
$_SERVER['REQUEST_URI'] will give you the current path with the query string.

To get the path sans query string, you could use:



// URL: http://www.mysite.com/file.php?this=that

list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

echo $_SERVER['REQUEST_URI']; // /file.php?this=that
echo $_SERVER['REQUEST_URL']; // /file.php



Sorry my brain isn't working very well tonight...

Let me explain what I want to do...

I have a page "article_index.php" that lists a synopsis of each article and has a link to each.

When a user clicks on a link like this...

<a href="<?php echo WEB_ROOT; ?>articles/fire-your-accountant-and-get-quickbooks">(Read Full Story)</a>

They are taken to a url like this...

http://local.dev/articles/fire-your-accountant-and-get-quickbooks

This is a "pretty URL" which gets translated to...

http://local.dev/article.php?title=fire-your-accountant-and-get-quickbooks

-----

I want to capture the path where the user is at and store it in a SESSION so that after they log in or register I can return them to this page.

1.) Do I want to work with the "Pretty URL" or the "Ugly URL"??

2.) What do I need to capture to do this?

3.) What is the best function or approach to do this?

(Obviously I need something that works both in my development environment and in a production environment.)

Hope that helps clarify things...



Debbie

doubledee
08-23-2011, 04:30 AM
$_SERVER['REQUEST_URI'] will give you the current path with the query string.

To get the path sans query string, you could use:



// URL: http://www.mysite.com/file.php?this=that

list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

echo $_SERVER['REQUEST_URI']; // /file.php?this=that
echo $_SERVER['REQUEST_URL']; // /file.php


Can you explain how your code works?

I don't understand how PHP knows how to assign the part of the URL before the ? to $_SERVER['REQUEST_URL']

The PHP Manual gives this example which makes more sense because your are defining a bunch of variables and then assigning the exploded parts to each variable...



// Example 2
$data = "foo:*:1023:1000::/home/foo:/bin/sh";
list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);
echo $user; // foo
echo $pass; // *



Debbie

kbluhm
08-23-2011, 04:37 AM
Can you explain how your code works?

I don't understand how PHP knows how to assign the part of the URL before the ? to $_SERVER['REQUEST_URL']

The PHP Manual gives this example which makes more sense because your are defining a bunch of variables and then assigning the exploded parts to each variable...



// Example 2
$data = "foo:*:1023:1000::/home/foo:/bin/sh";
list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);
echo $user; // foo
echo $pass; // *



Debbie

We are exploding on the `?` character. Since we're only defining a single index within the list() construct, we will only be grabbing the first value returned from explode().

If there is a `?`, everything prior to the `?` becomes the first value of the array.

If there is no `?`, then the original string becomes the first and only value in the array.

The first value is then captured to $_SERVER['REQUEST_URL'].

doubledee
08-23-2011, 04:39 AM
We are exploding on the `?` character. Since we're only defining a single index within the list() construct, we will only be grabbing the first value returned from explode().

If there is a `?`, everything prior to the `?` becomes the first value of the array and will be captured.

If there is no `?`, then the original string becomes the first and only value in the array.

So your code is a more efficient way of doing what the code I posted also did?


Debbie

kbluhm
08-23-2011, 04:48 AM
To which code of yours are you referring?

doubledee
08-23-2011, 04:57 AM
To which code of yours are you referring?

It appears that this is more efficient...


list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );


Than this code is...


// Example 2
$data = "foo:*:1023:1000::/home/foo:/bin/sh";
list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);



Debbie

kbluhm
08-23-2011, 10:40 AM
Well they're really doing the exact same thing... just splitting on a single character and capturing the resulting array into individual variables. The only difference between the two is mine captures the first value only.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum