NYCPHP Meetup

[nycphp-talk] Re: PHP_SELF problems

Dan Cech dcech at phpwerx.net
Mon Jan 1 10:38:31 EST 2007


Jürgen Wind wrote:
>> I have not really followed this discussion, but when i see something like
> this:
>> "$_SERVER['SCRIPT_NAME'] will contain the full _filesystem_ path,
>> which is not what we're after."
>>
>> Can you just do a 1 line regex and pull out what you need? And you are all
> set.
>> :-) ed 
> 
> no need for regex here, a simple  basename($_SERVER['SCRIPT_NAME']) will do 
> Happy New Year!

As I outlined earlier in this thread, this will _not_ work if php is
running as a cgi, you'll get 'php4-cgi' instead of 'myfilename.php'
unless you have cgi.fix_pathinfo set to 1 (default is 0).

Your previous comment regarding the fact that __FILE__ will give the
name of the file it is placed in rather than the requested file is
perfectly valid and worth keeping in mind.

I'm starting to wonder whether the construct

<form action="?" method="post">

might be a simple secure way of getting around the requirement of having
something in the action field.  That doesn't help with the problem of
correctly and securely generating the root-relative URL of a script however.

Dan





More information about the talk mailing list