a question about $_SERVER['PHP_SELF']

mayanktalwar1988
Forum Contributor
Posts: 133
Joined: Wed Jul 08, 2009 2:44 am

a question about $_SERVER['PHP_SELF']

Post by mayanktalwar1988 »

hey if the current executing script url of mine is like this localhost/pro/topic.php?id=2
and if i used $_SERVER['PHP_SELF'] in the same script
in one of the statements like this

echo " <a class=\"pagination\" href='{$_SERVER['PHP_SELF']}?pagenum=$next&id=$id'>Next -></a> ";

then will the link produced by the above statement be like this localhost/pro/topic.php?pagenum=1&id=2
or will it be like this localhost/pro/topic.php?id=2pagenum=1&id=2 which i don't want?
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: a question about $_SERVER['PHP_SELF']

Post by requinix »

Have you tried it to see what happens?
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: a question about $_SERVER['PHP_SELF']

Post by jackpf »

tasairis wrote:Have you tried it to see what happens?
+1
mayanktalwar1988
Forum Contributor
Posts: 133
Joined: Wed Jul 08, 2009 2:44 am

Re: a question about $_SERVER['PHP_SELF']

Post by mayanktalwar1988 »

i knew you gonna ask me this question..and answer is nooo......if i have tried that then i haven't asked this question :D
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: a question about $_SERVER['PHP_SELF']

Post by Eran »

if i have tried that then i haven't asked this question
I think this is the point they were trying to make
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: a question about $_SERVER['PHP_SELF']

Post by jackpf »

mayanktalwar1988 wrote:i knew you gonna ask me this question..and answer is nooo......if i have tried that then i haven't asked this question :D
Try it then numpty.
mayanktalwar1988
Forum Contributor
Posts: 133
Joined: Wed Jul 08, 2009 2:44 am

Re: a question about $_SERVER['PHP_SELF']

Post by mayanktalwar1988 »

numpty. great....... i am gonna try it tomorrow, just trying to add pagination to my already existing script.
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: a question about $_SERVER['PHP_SELF']

Post by jackpf »

Lol. Sorry.

But honestly, why didn't you just try it yourself? It probably takes longer to post than it would to just make a test script...
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: a question about $_SERVER['PHP_SELF']

Post by Eric! »

FYI - That echo is open to XSS like REQUEST_URI. As I found out by playing with it a few weeks ago so don't forget to filter it before echoing it out.
mayanktalwar1988
Forum Contributor
Posts: 133
Joined: Wed Jul 08, 2009 2:44 am

Re: a question about $_SERVER['PHP_SELF']

Post by mayanktalwar1988 »

hey u the person who called me numpty..i am not numpty (i am a little numpty)
i m lazy

here's your answer
/pro/topic.php



by the way i love this forum... :D
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: a question about $_SERVER['PHP_SELF']

Post by jackpf »

Eric! wrote:FYI - That echo is open to XSS like REQUEST_URI. As I found out by playing with it a few weeks ago so don't forget to filter it before echoing it out.
So is PHP_SELF. Stuff after a slash after the extension is considered as part of PHP_SELF.

So say you had "blah.php" which contained

echo $_SERVER['PHP_SELF'];
If you were to go to
http://....com/blah.php/<script>alert('XSS');</script>
you can inject javascript etc...as well.
hey u the person who called me numpty..i am not numpty (i am a little numpty)
i m lazy
Think about it - if everyone asked everything like that here instead of trying it themselves...how ridiculous would this forum become? And I did apologise :P
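
An added example, not part of any post in this thread: the pagination link from the first post next to a hardened version, run against a constructed request of the kind jackpf describes. The function names and the `$server` array are hypothetical; in a real script the values come from `$_SERVER` and `$id` from an integer-cast `$_GET['id']`.

```php
<?php
declare(strict_types=1);

// Constructed request state (not captured from a real server): extra path
// text after the script name ends up in PHP_SELF but not in SCRIPT_NAME.
$server = [
    'SCRIPT_NAME' => '/pro/topic.php',
    'PHP_SELF'    => "/pro/topic.php/<script>alert('XSS');</script>",
];

// Pattern from the thread: PHP_SELF interpolated into the markup unescaped.
function unsafe_next_link(array $server, int $next, int $id): string
{
    return "<a class=\"pagination\" href='{$server['PHP_SELF']}?pagenum=$next&id=$id'>Next -&gt;</a>";
}

// Hardened: SCRIPT_NAME carries no trailing path info, the query string is
// rebuilt from known integer parameters, and the URL is escaped for use
// inside a quoted HTML attribute.
function safe_next_link(array $server, int $next, int $id): string
{
    $query = http_build_query(['pagenum' => $next, 'id' => $id]);
    $url   = $server['SCRIPT_NAME'] . '?' . $query;
    return '<a class="pagination" href="'
        . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
        . '">Next -&gt;</a>';
}

$unsafe = unsafe_next_link($server, 1, 2);
$safe   = safe_next_link($server, 1, 2);

// The unescaped link carries the injected tag into the page source.
var_dump(strpos($unsafe, '<script>') !== false);
// The hardened link contains only the script path and the two parameters.
var_dump(strpos($safe, '<script>') === false);

echo $safe, PHP_EOL;
```

If `PHP_SELF` has to be used, passing it through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` before echoing is the filtering Eric! refers to.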