On Feb 20, 2008 7:14 AM, Eric Boo <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I'm currently parsing the variable $_SERVER['PHP_SELF'] to get the
> base url of a site.
[snip!]
> Questions:
> 1) Are there security implications in using $_SERVER['PHP_SELF'], and
> if so, how do I mitigate it?
> 2) Is using this method safe for all sorts of browsers/servers that run php?
> 3) If I install an SEF software so that my url looks like
> http://www.example.com/~eric/program/a/b/c   ,what will
> $_SERVER['PHP_SELF']  show?

    1.) No more than any other predefined superglobal.[1]
    2.) Yes, though the browser has nothing to do with PHP.
    3.) It will show what should be in PHP_SELF: the name of the
parent script.[2]

    FOOTNOTES:
        [1]  $_SERVER is what's called a SUPERGLOBAL in PHP.  The same
as $_POST, $_GET, $_REQUEST, $_COOKIE, $_FILES, $_ENV, and $_SESSION.
Moreover, $GLOBALS shows all globals within the scope of a script.
For more information, check out:
http://php.net/manual/en/language.variables.predefined.php

        [2] PHP_SELF is a reserved and predefined variable.  Check out
the scope of $_SERVER right here:
http://php.net/manual/en/reserved.variables.php#reserved.variables.server

-- 
</Dan>

Daniel P. Brown
Senior Unix Geek
<? while(1) { $me = $mind--; sleep(86400); } ?>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
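
Added example (not part of the original messages): one way to get the base path asked about in the question while treating $_SERVER values like any other request-derived input. It assumes a server that appends PATH_INFO to PHP_SELF, as Apache does for URLs of the form script.php/a/b/c; the helper names base_path() and h() and the sample request are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All sample values are constructed.

/**
 * Directory part of the executing script's URL path, e.g. "/~eric/program".
 * Reads SCRIPT_NAME, which stops at the script itself, instead of PHP_SELF,
 * which may also carry whatever trailing path the client put in the URL.
 */
function base_path(array $server): string
{
    $script = $server['SCRIPT_NAME'] ?? '';
    // dirname() can return "\" on Windows; normalise to forward slashes.
    $dir = str_replace('\\', '/', dirname($script));
    // A script in the document root has an empty base path.
    return ($dir === '/' || $dir === '.') ? '' : rtrim($dir, '/');
}

/** Escape a request-derived value before writing it into HTML. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed request: /~eric/program/index.php/a"b<c
// The trailing path holds characters that are special in HTML.
$server = [
    'SCRIPT_NAME' => '/~eric/program/index.php',
    'PATH_INFO'   => '/a"b<c',
    'PHP_SELF'    => '/~eric/program/index.php/a"b<c',
];

// The base path is unaffected by the trailing path info.
echo 'base: ', base_path($server), "\n";

// If PHP_SELF is written into a page (a form action, a link), escape it first.
echo '<form action="', h($server['PHP_SELF']), '" method="post">', "\n";
```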
