Page 1 of 1

how to set $PHP_SELF ?

Posted: Thu Mar 01, 2007 1:07 pm
by rekha_harnoor
Everah | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


[quote="[url=http://forums.devnetwork.net/viewtopic.php?t=30037]Forum Rules[/url] Section 1.1"][b]3.[/b] Do not make multiple, identical posts. This is viewed as spam and will be deleted.[/quote]

Hi I am using php5 and I don't know how to set PHP_SELF. When I run the following code I am getting dummy.php which I don't know from where it is coming.

Code: Select all

<?php 
echo $_SERVER['PHP_SELF']; 
?>


Please tell me how to set and use
$_SERVER['PHP_SELF'];
$PHP_SELF;


Everah | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Thu Mar 01, 2007 2:14 pm
by fdan
From http://us2.php.net/reserved.variables
$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server.
You don't set it directly. The server does that for you as far as I know.

However...

You can change the original URL and have the server modify the value of this variable for you (as it is done wit xss exploits) but normally you would not want to change this.

You use this variable whenever you want to reference
The filename of the currently executing script, relative to the document root.
(from the above mentioned URL)

Hope this help

fdan

Posted: Thu Mar 01, 2007 2:20 pm
by RobertGonzalez
Don't use PHP_SELF. It is unreliable and can be easily manipulated. To get the same effect, use:

Code: Select all

<?php
$self = basename(__FILE__);
?>

Posted: Fri Mar 02, 2007 2:01 am
by jmut
Everah wrote:Don't use PHP_SELF. It is unreliable and can be easily manipulated. To get the same effect, use:

Code: Select all

<?php
$self = basename(__FILE__);
?>
This does not have the same effect.

Code: Select all

// Requested url: http://localhost/test/test.php

echo basename(__FILE__);
echo "<br>";
echo $_SERVER['PHP_SELF'];

//outputs
//        test.php
//        /test/test.php

A secure PHP_SELF would be

Code: Select all

$PHP_SELF = substr($_SERVER['PHP_SELF'], 0, (strlen($_SERVER['PHP_SELF']) - @strlen($_SERVER['PATH_INFO'])));

Re: how to set $PHP_SELF ?

Posted: Fri Mar 02, 2007 4:59 am
by Kadanis
rekha_harnoor wrote:Hi I am using php5 and I don't know how to set PHP_SELF. When I run the following code I am getting dummy.php which I don't know from where it is coming.

Code: Select all

<?php 
echo $_SERVER['PHP_SELF']; 
?>
just a side note but if you are running this in Zend debug and not on a live server, then Zend returns "dummy.php" as the value PHP_SELF.

Re: how to set $PHP_SELF ?

Posted: Fri Mar 02, 2007 5:14 am
by jmut
Kadanis wrote:
rekha_harnoor wrote:Hi I am using php5 and I don't know how to set PHP_SELF. When I run the following code I am getting dummy.php which I don't know from where it is coming.

Code: Select all

<?php 
echo $_SERVER['PHP_SELF']; 
?>
just a side note but if you are running this in Zend debug and not on a live server, then Zend returns "dummy.php" as the value PHP_SELF.
and dummy.php is placed where relative to webroot ?