How reliable REQUEST_URI ?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
will83
Forum Commoner
Posts: 53
Joined: Thu Nov 10, 2005 3:13 pm

How reliable REQUEST_URI ?

Post by will83 »

Can anyone say how reliable this method is?

We would much prefer to be given a unique URL as I have heard that using php to record the referring URL is not 100% accurate.

Can anyone confirm this and why it is not reliable?

I would appreciate any information at all,

Many thanks in advance,

Will.
Last edited by will83 on Wed Sep 27, 2006 7:03 am, edited 1 time in total.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Maybe you can elaborate on exactly what you want to know?

The referring url (not REQUEST_URI), is not completely reliable. Basically if the data comes from the client browser, then it can be modified and changed. This is not a PHP issue - it's a client issue.
User avatar
bokehman
Forum Regular
Posts: 509
Joined: Wed May 11, 2005 2:33 am
Location: Alicante (Spain)

Post by bokehman »

Just keep a record your end and make sure the total tallies.
User avatar
will83
Forum Commoner
Posts: 53
Joined: Thu Nov 10, 2005 3:13 pm

Post by will83 »

Ok thanks for the input,

Is the only reason why the referring url is not logged by this method because of someone actually purposefully changing this?

Can it occur for any other reason?

I just want to check how reliable it is as it is important that this info is logged.

Thanks again, Will
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

User controlled = not reliable, period.

Even a basic user can disable referer logging (f12 in Opera), which will explain hits without referer (also possible if the url is accessed directly)

The danger comes from a malitious hacker changing the referer - depending on how you do the logging the consequences may range from nothing (the best!) to sql injection and/or XSS. So be careful and escape it properly.
Post Reply