On Feb 20, 2008 7:14 AM, Eric Boo <ericboo@xxxxxxxxx> wrote:
> Hi all,
>
> I'm currently parsing the variable $_SERVER['PHP_SELF'] to get the
> base url of a site.
[snip!]
> Questions:
> 1) Are there security implications in using $_SERVER['PHP_SELF'], and
> if so, how do I mitigate it?
> 2) Is using this method safe for all sorts of browsers/servers that run php?
> 3) If I install an SEF software so that my url looks like
> http://www.example.com/~eric/program/a/b/c, what will
> $_SERVER['PHP_SELF'] show?

1.) No more than any other predefined superglobal.[1]
2.) Yes, though the browser has nothing to do with PHP.
3.) It will show what should be in PHP_SELF: the name of the parent script.[2]

FOOTNOTES:
[1] $_SERVER is what's called a SUPERGLOBAL in PHP. The same as $_POST, $_GET, $_REQUEST, $_COOKIE, $_FILES, $_ENV, and $_SESSION. Moreover, $GLOBALS shows all globals within the scope of a script. For more information, check out: http://php.net/manual/en/language.variables.predefined.php
[2] PHP_SELF is a reserved and predefined variable. Check out the scope of $_SERVER right here: http://php.net/manual/en/reserved.variables.php#reserved.variables.server

--
</Dan>

Daniel P. Brown
Senior Unix Geek
<? while(1) { $me = $mind--; sleep(86400); } ?>
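
Added example, not part of the original message or of PHP's own code: one way to get the base path asked about in the thread while treating `$_SERVER` values as request-influenced input, since `PHP_SELF` can carry the path info that follows the script name in the URL. The helper names `base_path()` and `h()`, the script name `index.php`, and both sample arrays are assumptions constructed for illustration.

```php
<?php
// Added example: derive a base path for links without trusting the
// request-influenced tail of PHP_SELF. All sample values are constructed.

/**
 * Directory part of the executing script, taken from SCRIPT_NAME,
 * which does not include trailing path info the way PHP_SELF can.
 */
function base_path(array $server): string
{
    $script = $server['SCRIPT_NAME'] ?? '';
    // Accept only a conservative character set; otherwise fall back to "/".
    if (!preg_match('#^/[A-Za-z0-9._~/-]*$#', $script)) {
        return '/';
    }
    $dir = rtrim(str_replace('\\', '/', dirname($script)), '/');
    return $dir . '/';
}

/** Escape any server-derived value before placing it in HTML. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed request: SEF-style URL handled by index.php (assumed name).
$sef = [
    'SCRIPT_NAME' => '/~eric/program/index.php',
    'PATH_INFO'   => '/a/b/c',
    'PHP_SELF'    => '/~eric/program/index.php/a/b/c',
];
// Constructed request: path info carrying markup characters.
$odd = [
    'SCRIPT_NAME' => '/~eric/program/index.php',
    'PATH_INFO'   => '/"><i>',
    'PHP_SELF'    => '/~eric/program/index.php/"><i>',
];

foreach ([$sef, $odd] as $server) {
    echo 'PHP_SELF (escaped): ', h($server['PHP_SELF']), "\n";
    echo 'dirname(PHP_SELF):  ', h(dirname($server['PHP_SELF'])), "\n";
    echo 'base_path():        ', h(base_path($server)), "\n\n";
}
```

Run it with the PHP CLI to compare the three values for each sample request; only `base_path()` stays the same when the path info changes.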