On Jan 27, 2012, at 12:45 PM, Adam Richardson wrote: > On Fri, Jan 27, 2012 at 12:09 PM, Tedd Sperling <tedd.sperling@xxxxxxxxx> wrote: > On Jan 11, 2012, at 9:24 PM, tamouse mailing lists wrote: > > > Is there ever a case where SCRIPT_NAME does not equal PHP_SELF? > > Was this every answered? I would like to know. > > Cheers, > > tedd > > Yep, can be different: > http://stackoverflow.com/questions/279966/php-self-vs-path-info-vs-script-name-vs-request-uri > > Adam I should have been more clear -- I understand: [PHP_SELF] => /test.php/foo/bar [SCRIPT_NAME] => /test.php/ by practice is different. I should have used basename() in my question. The main point I was trying to get was which one is more secure and not subject to cross-site scripting or other such security issues? IOW, if you had to bet your life on it, which would be most secure in reporting an accurate basename()? Cheers, tedd _____________________ tedd@xxxxxxxxxxxx http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
