On Sun, Jan 29, 2012 at 5:38 PM, Tedd Sperling <tedd.sperling@xxxxxxxxx> wrote: > On Jan 27, 2012, at 12:45 PM, Adam Richardson wrote: > >> On Fri, Jan 27, 2012 at 12:09 PM, Tedd Sperling <tedd.sperling@xxxxxxxxx> wrote: >> On Jan 11, 2012, at 9:24 PM, tamouse mailing lists wrote: >> >> > Is there ever a case where SCRIPT_NAME does not equal PHP_SELF? >> >> Was this every answered? I would like to know. >> >> Cheers, >> >> tedd >> >> Yep, can be different: >> http://stackoverflow.com/questions/279966/php-self-vs-path-info-vs-script-name-vs-request-uri >> >> Adam > > I should have been more clear -- I understand: > > [PHP_SELF] => /test.php/foo/bar > [SCRIPT_NAME] => /test.php/ > > by practice is different. > > I should have used basename() in my question. > > The main point I was trying to get was which one is more secure and not subject to cross-site scripting or other such security issues? > > IOW, if you had to bet your life on it, which would be most secure in reporting an accurate basename()? > > Cheers, > > tedd I don't think basename() makes much sense here, does it? basename($_SERVER['PHP_SELF']) would give bar on your first example. To answer your question about XSS or other security issues, it all depends on how you use the info afterwards. - Matijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php