Clean URL with $_SERVER['PATH_INFO']

Posted: Mon Apr 20, 2009 2:52 pm
by lauthiamkok
Hi,
I am trying to clean the URL with $_SERVER['PATH_INFO']. Why does nothing come out when I test it on my localhost?

Code:

$data = explode('/',$_SERVER['PATH_INFO']);
print_r ($data);
result:
Array ( [0] => )

But when I test it with $_SERVER['REQUEST_URI'], then it has some result...

Code:

$data = explode('/',$_SERVER['REQUEST_URI']);
print_r ($data);
Array ( [0] => [1] => folder [2] => file.php?pg=home )

Is it something to do with the configuration in my Apache?

Please let me know if you have any idea. Many thanks.

Lau

Re: Clean URL with $_SERVER['PATH_INFO']

Posted: Mon Apr 20, 2009 3:02 pm
by jazz090
Request URI is for some extreme Apache functions. I don't know why pathinfo isn't working; it's certainly not working on my server either, so in the meantime, instead of pathinfo use this: $_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']

Re: Clean URL with $_SERVER['PATH_INFO']

Posted: Mon Apr 20, 2009 3:23 pm
by lauthiamkok
Thanks for the reply. I won't use $_SERVER['PATH_INFO'] then.

Does anyone know what the idea is behind using $_SERVER[] to clean the URL?

I have read a few tips online but I still can't get my head around it.

These are the sources I have come across so far. Does anyone know of a better source or tutorial about cleaning the URL without actually having to worry about mod_rewrite?

http://www.tutorio.com/tutorial/php-alt ... endly-urls
http://www.dobre.name/tutoriale/php/cle ... write.html
http://agachi.name/weblog/archives/2005 ... y-urls.htm

Many thanks,
Lau

Re: Clean URL with $_SERVER['PATH_INFO']

Posted: Mon Apr 20, 2009 3:28 pm
by jazz090
You should not need the whole URL to get a clean URL because what really matters is the last bit. You could, however, use $_SERVER['PHP_SELF']

Re: Clean URL with $_SERVER['PATH_INFO']

Posted: Mon Apr 20, 2009 7:31 pm
by McInfo
lauthiamkok wrote: Does any one know what the idea behind using $_SERVER[] to clean the URL?
Is cleaning the URL just an idea you came across and wanted to try out, or did you have a problem that you thought cleaning the URL would solve?

I thought the third article in your list described the process fairly well (http://agachi.name/weblog/archives/2005 ... y-urls.htm). I didn't read all of it yet.

The idea described in that article was that you can make your site more search-engine-friendly by using URLs that look like folders:
http://example.com/real/folders/realfile.php/fake/folders/represent/variables
If you use a traditional URL, the URL for the same page looks like
http://example.com/real/folders/realfile.php?fake=folders&represent=variables
With both versions, you are passing GET variables to realfile.php.

Code:

_GET => array
(
    [fake] => folders
    [represent] => variables
)
The PATH_INFO index of the $_SESSION array is set only when the URL has something attached to the end of it that starts with a forward-slash (/). So, of the two URLs above, only the first would populate $_SESSION['PATH_INFO'].

For that URL, the PATH_INFO would be
/fake/folders/represent/variables
Edit: This post was recovered from search engine cache.

Re: Clean URL with $_SERVER['PATH_INFO']

Posted: Mon Apr 20, 2009 8:18 pm
by McInfo
If you are looking for a way to write the URL to the current page without the extra attached, use $_SERVER['SCRIPT_NAME'].

For example, if the URL to your page is
and you want your HTML source to look like

Code:

<form method="post" action="/path/to/file.php"></form>
your PHP code should look like

Code:

<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>"></form>
Many tutorials recommend using $_SERVER['PHP_SELF'] to do this, but try the next example to learn why you shouldn't.

attack.html

Code:

<a href="target.php/%22%3E%3Cscript type=%22text/javascript%22%3Ealert%28%27hacked%27%29%3C/script%3E%3Cbr+id=%22">target.php</a>
target.php

Code:

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"></form>
Click on the link in attack.html, then imagine what could happen if you were logged on to a site where target.php resides and you click on the attack.html link in an email that an attacker sent you. Also imagine what would happen if the script did something more than pop up an alert, like send your cookies to the attacker's site.

Edit: This post was recovered from search engine cache.
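
Added example, not part of the original thread: one way to read the folder-style pairs from $_SERVER['PATH_INFO'] with an allow-list and to escape any server-supplied path before it goes into a form action. The helper names path_info_to_params() and attr() and the $server sample array are hypothetical; the sample values are constructed from the URLs quoted in the posts above.

```php
<?php
/**
 * Turn PATH_INFO such as "/fake/folders/represent/variables" into
 * ['fake' => 'folders', 'represent' => 'variables'].
 * Segments that fail the allow-list are rejected, not "cleaned".
 */
function path_info_to_params(?string $pathInfo): array
{
    if ($pathInfo === null || $pathInfo === '' || $pathInfo === '/') {
        return [];                  // nothing was attached after the script name
    }
    $segments = explode('/', trim($pathInfo, '/'));
    if (count($segments) % 2 !== 0) {
        throw new InvalidArgumentException('unpaired path segment');
    }
    $params = [];
    for ($i = 0; $i < count($segments); $i += 2) {
        foreach ([$segments[$i], $segments[$i + 1]] as $s) {
            // Letters, digits, "_" and "-" only; empty segments ("//") fail too.
            if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $s)) {
                throw new InvalidArgumentException('invalid path segment');
            }
        }
        $params[$segments[$i]] = $segments[$i + 1];
    }
    return $params;
}

/** Escape a value for use inside a double- or single-quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values standing in for a real request (assumption).
$server = [
    'SCRIPT_NAME' => '/path/to/file.php',
    'PATH_INFO'   => '/fake/folders/represent/variables',
    // PHP_SELF as PHP would see it after decoding the attack.html link:
    'PHP_SELF'    => '/target.php/"><script type="text/javascript">alert(\'hacked\')</script><br id="',
];

print_r(path_info_to_params($server['PATH_INFO']));
// SCRIPT_NAME carries no PATH_INFO suffix; escaping it is still cheap insurance.
echo '<form method="post" action="', attr($server['SCRIPT_NAME']), '"></form>', "\n";
// If PHP_SELF must be printed, escaping keeps the injected markup inside the attribute.
echo '<form method="post" action="', attr($server['PHP_SELF']), '"></form>', "\n";
```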