Where are my $_SERVER variables?

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
rsouthon
Forum Newbie
Posts: 5
Joined: Tue Jul 11, 2006 12:00 pm
Location: Toronto

Where are my $_SERVER variables?

Post by rsouthon »

Hi,

I've written lots of PHP scripts on a server managed by a 3rd party and now I'm switching to my own server. I installed PHP on Apache Tomcat and it works fine - except that when I ask for $_SERVER variables, they are all blank!

Do I have to set them up in the server? Where? How?

Thanks For Your Help,
RR


ps - i checked pretty much every one and even $_SERVER['PHP_SELF'] doesn't work
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I think this has to do with the server settings. It has been spoken about quite often recently that reliance on Server Variables is at best a shot in the dark. Not only that, but it is insecure as well. You may want to look into alternative ways to achieve what you want out of your server variables.
User avatar
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Re: Where are my $_SERVER variables?

Post by Oren »

rsouthon wrote:ps - i checked pretty much every one and even $_SERVER['PHP_SELF'] doesn't work
Try this:

Code: Select all

<?php
	print_r($_SERVER);
?>
And tell us what you get :wink:
rsouthon
Forum Newbie
Posts: 5
Joined: Tue Jul 11, 2006 12:00 pm
Location: Toronto

How do I set up the server variables?

Post by rsouthon »

I tried Oren's test and got this:

Array ( [argv] => Array ( ) [argc] => 0 )

I assume that means there are no server variables defined? So where and how do I set them?

If they are a true security threat, how should I be defining things like a variable that gives me the current page or the server root? I really don't know how I woulda have built my previous PHP applications with out them! It would have been messy. WHICH variables are a security threat? Maybe I can just set up the ones I want to use instead of all of them?

Thanks your help so far!
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Looking arounf the file system section of the manual gives good insight into how a developer would achieve what you want to achieve without the use of server variables. pathinfo(), basename() and dirname() come to mind.
rsouthon
Forum Newbie
Posts: 5
Joined: Tue Jul 11, 2006 12:00 pm
Location: Toronto

Forget Server Variables

Post by rsouthon »

Everah wrote:Looking arounf the file system section of the manual gives good insight into how a developer would achieve what you want to achieve without the use of server variables. pathinfo(), basename() and dirname() come to mind.
You're right! It seems like I can get most of the info I want out of file system functions. Other than that, I just use my own session variables. Thx!

RR
jamiel
Forum Contributor
Posts: 276
Joined: Wed Feb 22, 2006 5:17 am
Location: London, United Kingdom

Post by jamiel »

Your print_r indicates you might be executing the cli version of php rather than the cgi.
rsouthon
Forum Newbie
Posts: 5
Joined: Tue Jul 11, 2006 12:00 pm
Location: Toronto

Another way to get current page without server var

Post by rsouthon »

This is actually all i needed:
echo $PHP_SELF;
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

PHP_SELF can contain user input, so be careful with it.
User avatar
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

The Ninja Space Goat wrote:PHP_SELF can contain user input, so be careful with it.
What The Ninja Space Goat was trying to say: Don't use it.

Try this instead:

Code: Select all

$self = basename(__FILE__);
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Re: Another way to get current page without server var

Post by RobertGonzalez »

rsouthon wrote:This is actually all i needed:
echo $PHP_SELF;
$PHP_SELF also requires register_globals to be on. That is insane.

Do this instead:

Code: Select all

<?php
// If this is in the calling page
$file = basename(__FILE__);

// Or, if calling from outside the file, like an include
$file = basename($_SERVER['SCRIPT_FILENAME']);
?>
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

If you think about it. How many examples of form scripts do use echo PHP SELF? 90% of the scripts on hotscripts? 98% of the scripts in tutorials on how-to-build your own contact form?
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

well that is why I tend not to send people to online php tutorials... they tend to toss security and practice out the window.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

matthijs wrote:If you think about it. How many examples of form scripts do use echo PHP SELF? 90% of the scripts on hotscripts? 98% of the scripts in tutorials on how-to-build your own contact form?
Popularity != sensibility. Just because all of the lazy developers that submit scripts to Hotscripts use it does not mean that the rest of use less lazy developers should.
Post Reply