
$_SERVER['PHP_SELF'] not working how I need it to

Posted: Tue Jul 11, 2006 3:36 pm
by tecktalkcm0391
Whenever I use $_SERVER['PHP_SELF'] it doesn't give me http://site.com/folder/file.php

When I put:

<?php print($_SERVER['PHP_SELF']); ?>
On any page I just get //folder/file/.php

Does anybody know why?

Posted: Tue Jul 11, 2006 3:50 pm
by Ollie Saunders
I don't use PHP_SELF personally because of the security risks.
If you need to submit a form to the same location as it was requested from, you can use a dot:

<form action="." method="post">
Otherwise look to the other $_SERVER elements.

Posted: Tue Jul 11, 2006 3:53 pm
by tecktalkcm0391
What are the security risks? But OK, . is good, didn't know that, thanks!

Posted: Tue Jul 11, 2006 4:02 pm
by Ollie Saunders
This request:

http://www.siteThatUsesPHP_SELF.com/?"><script>alert('evil hack!')</script><a id="
and this PHP:

echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">';
will produce this:
<form action="http://www.siteThatUsesPHP_SELF.com/"><script>alert('evil hack!')</script><a id="" method="post">

or something like that.
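
The difference between the unescaped output described above and an escaped one, as an added example that is not part of the original thread. The function names and the sample `$server` array are constructed for illustration; the array stands in for `$_SERVER` so the script runs from the command line.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Pattern from the post above: the value reaches the attribute unescaped.
function form_tag_unsafe(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// Hardened: encode for an HTML attribute context, so quotes and angle
// brackets cannot close the attribute or open a new tag.
function form_tag_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Alternative: SCRIPT_NAME holds only the script's own path, without the
// extra path text that PHP_SELF can carry. It is still escaped on output.
function form_tag_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Constructed stand-in for $_SERVER: PHP_SELF carries the markup quoted
// in the post above, SCRIPT_NAME carries only the script path.
$server = [
    'SCRIPT_NAME' => '/folder/file.php',
    'PHP_SELF'    => '/folder/file.php/"><script>alert(\'evil hack!\')</script><a id="',
];

// Print the three results so they can be compared line by line.
foreach (['form_tag_unsafe', 'form_tag_escaped', 'form_tag_script_name'] as $fn) {
    echo $fn, ":\n  ", $fn($server), "\n";
}
```

In the escaped variants the quote and angle-bracket characters come out as HTML entities, so the browser treats the whole value as the text of the `action` attribute.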

Posted: Tue Jul 11, 2006 4:08 pm
by tecktalkcm0391
The dot does not work; it brings me from site.com/folder/file.php to site.com/folder/

Posted: Tue Jul 11, 2006 4:17 pm
by RobertGonzalez
Have you tried the PHP constant __FILE__?

Posted: Tue Jul 11, 2006 4:23 pm
by Benjamin
Try this...

$SELF_URL = strtolower(strtok($_SERVER['SERVER_PROTOCOL'], '/')).'://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];

Posted: Tue Jul 11, 2006 4:29 pm
by tecktalkcm0391
It's still not working. I am getting: http://site:81//folder/register.php? which shows up as page can't be displayed

Posted: Tue Jul 11, 2006 4:31 pm
by Benjamin
tecktalkcm0391 wrote: It's still not working. I am getting: http://site:81//folder/register.php? which shows up as page can't be displayed
OK, so besides the fact that there is an extra forward slash in the URL, what is wrong with it? Are you using uppercase letters in your actual URL? If so, remove the strtolower() function from the code I gave you.

Posted: Tue Jul 11, 2006 4:41 pm
by tecktalkcm0391
The :81 is what I think is happening to make it not work.

Posted: Tue Jul 11, 2006 4:58 pm
by Benjamin
Works for me.