View Full Version : how can i got the full path variable ??

03-10-2009, 11:51 AM
if i have file in path like htt://site.com/path/file.php , when i needs to got the path in variable iam doing it like that

$path = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];

but what if i got htt://site.com/path/file.php?id=11 , so with link like that if i used the previous variable it gonna give me only htt://site.com/path/file.php .

so please what variable should i use to got the full path htt://site.com/path/file.php?id=11


03-10-2009, 11:54 AM
Never use PHP_SELF for well... anything. It is xss exploitable.
To include the querystring, you can append the QUERY_STRING server variable, or you can replace the $_SERVER['PHP_SELF'] with $_SERVER['REQUEST_URI']. The querystring will also be included in the argv directive if its been defined.

Actually, now that I think about this, I'm pretty sure that REQUEST_URI is in the same boat.
Use SCRIPT_NAME + QUERY_STRING values from the server superglobal instead. Probably the best route.

03-10-2009, 12:22 PM
thanks a lot