$_SERVER['PHP_SELF'] not working how I need it to

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

$_SERVER['PHP_SELF'] not working how I need it to

Post by tecktalkcm0391 »

Whenever I use $_SERVER['PHP_SELF'] it doesn't give me http://site.com/folder/file.php

When I put:

Code: Select all

<?php print($_SERVER['PHP_SELF']); ?>
On anypage i just get //folder/file/.php

Does anybody know why?
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

I don't use PHP_SELF personally because of the security risks.
If you need to submit a form to the same location as it was requested from you can use a dot

Code: Select all

<form action="." method="post">
Otherwise look to the other $_SERVER elements.
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

what are the security risks but ok . is good didn't know that thanks!
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

This request:

Code: Select all

http://www.siteThatUsesPHP_SELF.com/?"><script>alert('evil hack!')</script><a id="
and this PHP:

Code: Select all

echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">';
will produce this:
<form action="http://www.siteThatUsesPHP_SELF.com/"><script>alert('evil hack!')</script><a id="" method="post>

or something like that.
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

the .dot. does not work it brings me from site.com/folder/file.php to site.com/folder/
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Have you tried the PHP constant __FILE__?
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Try this...

Code: Select all

$SELF_URL = strtolower(strtok($_SERVER['SERVER_PROTOCOL'], '/')).'://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

its still not working i am getting: http://site:81//folder/register.php? which shows up as page can't be displayed
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

tecktalkcm0391 wrote:its still not working i am getting: http://site:81//folder/register.php? which shows up as page can't be displayed
Ok, so besides the fact that there is an extra forward slash in the url, what is wrong with it? Are you using uppercase letters in your actual url? If so remove the strtolower() function from the code I gave you.
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

the :81 is what i think is happening to make it not work
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Works for me.
Post Reply