PDA

View Full Version : Safe way to get current script name and path?



doubledee
08-23-2011, 03:15 AM
What is a safe/secure way to get the current script name and file path?

(I thought I read somewhere that using $_SERVER['PHP_SELF'] was insecure?!)


Debbie

kbluhm
08-23-2011, 03:27 AM
$_SERVER['REQUEST_URI'] will give you the current path with the query string.

To get the path sans query string, you could use:



// URL: http://www.mysite.com/file.php?this=that

list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

echo $_SERVER['REQUEST_URI']; // /file.php?this=that
echo $_SERVER['REQUEST_URL']; // /file.php

doubledee
08-23-2011, 03:41 AM
$_SERVER['REQUEST_URI'] will give you the current path with the query string.

To get the path sans query string, you could use:



// URL: http://www.mysite.com/file.php?this=that

list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

echo $_SERVER['REQUEST_URI']; // /file.php?this=that
echo $_SERVER['REQUEST_URL']; // /file.php



Sorry my brain isn't working very well tonight...

Let me explain what I want to do...

I have a page "article_index.php" that lists a synopsis of each article and has a link to each.

When a user clicks on a link like this...

<a href="<?php echo WEB_ROOT; ?>articles/fire-your-accountant-and-get-quickbooks">(Read Full Story)</a>

They are taken to a url like this...

http://local.dev/articles/fire-your-accountant-and-get-quickbooks

This is a "pretty URL" which gets translated to...

http://local.dev/article.php?title=fire-your-accountant-and-get-quickbooks

-----

I want to capture the path where the user is at and store it in a SESSION so that after they log in or register I can return them to this page.

1.) Do I want to work with the "Pretty URL" or the "Ugly URL"??

2.) What do I need to capture to do this?

3.) What is the best function or approach to do this?

(Obviously I need something that works both in my development environment and in a production environment.)

Hope that helps clarify things...



Debbie

doubledee
08-23-2011, 04:30 AM
$_SERVER['REQUEST_URI'] will give you the current path with the query string.

To get the path sans query string, you could use:



// URL: http://www.mysite.com/file.php?this=that

list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );

echo $_SERVER['REQUEST_URI']; // /file.php?this=that
echo $_SERVER['REQUEST_URL']; // /file.php


Can you explain how your code works?

I don't understand how PHP knows how to assign the part of the URL before the ? to $_SERVER['REQUEST_URL']

The PHP Manual gives this example which makes more sense because your are defining a bunch of variables and then assigning the exploded parts to each variable...



// Example 2
$data = "foo:*:1023:1000::/home/foo:/bin/sh";
list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);
echo $user; // foo
echo $pass; // *



Debbie

kbluhm
08-23-2011, 04:37 AM
Can you explain how your code works?

I don't understand how PHP knows how to assign the part of the URL before the ? to $_SERVER['REQUEST_URL']

The PHP Manual gives this example which makes more sense because your are defining a bunch of variables and then assigning the exploded parts to each variable...



// Example 2
$data = "foo:*:1023:1000::/home/foo:/bin/sh";
list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);
echo $user; // foo
echo $pass; // *



Debbie

We are exploding on the `?` character. Since we're only defining a single index within the list() construct, we will only be grabbing the first value returned from explode().

If there is a `?`, everything prior to the `?` becomes the first value of the array.

If there is no `?`, then the original string becomes the first and only value in the array.

The first value is then captured to $_SERVER['REQUEST_URL'].

doubledee
08-23-2011, 04:39 AM
We are exploding on the `?` character. Since we're only defining a single index within the list() construct, we will only be grabbing the first value returned from explode().

If there is a `?`, everything prior to the `?` becomes the first value of the array and will be captured.

If there is no `?`, then the original string becomes the first and only value in the array.

So your code is a more efficient way of doing what the code I posted also did?


Debbie

kbluhm
08-23-2011, 04:48 AM
To which code of yours are you referring?

doubledee
08-23-2011, 04:57 AM
To which code of yours are you referring?

It appears that this is more efficient...


list( $_SERVER['REQUEST_URL'] ) = explode( '?', $_SERVER['REQUEST_URI'] );


Than this code is...


// Example 2
$data = "foo:*:1023:1000::/home/foo:/bin/sh";
list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);



Debbie

kbluhm
08-23-2011, 10:40 AM
Well they're really doing the exact same thing... just splitting on a single character and capturing the resulting array into individual variables. The only difference between the two is mine captures the first value only.