Page 1 of 1
How reliable REQUEST_URI ?
Posted: Tue Sep 26, 2006 9:56 am
by will83
Can anyone say how reliable this method is?
We would much prefer to be given a unique URL as I have heard that using php to record the referring URL is not 100% accurate.
Can anyone confirm this and why it is not reliable?
I would appreciate any information at all,
Many thanks in advance,
Will.
Posted: Tue Sep 26, 2006 11:28 am
by Maugrim_The_Reaper
Maybe you can elaborate on exactly what you want to know?
The referring url (not REQUEST_URI), is not completely reliable. Basically if the data comes from the client browser, then it can be modified and changed. This is not a PHP issue - it's a client issue.
Posted: Tue Sep 26, 2006 11:49 am
by bokehman
Just keep a record your end and make sure the total tallies.
Posted: Wed Sep 27, 2006 6:05 am
by will83
Ok thanks for the input,
Is the only reason why the referring url is not logged by this method because of someone actually purposefully changing this?
Can it occur for any other reason?
I just want to check how reliable it is as it is important that this info is logged.
Thanks again, Will
Posted: Wed Sep 27, 2006 6:30 am
by Mordred
User controlled = not reliable, period.
Even a basic user can disable referer logging (f12 in Opera), which will explain hits without referer (also possible if the url is accessed directly)
The danger comes from a malitious hacker changing the referer - depending on how you do the logging the consequences may range from nothing (the best!) to sql injection and/or XSS. So be careful and escape it properly.