NYCPHP Meetup

[nycphp-talk] Re: PHP_SELF problems

Hans Zaunere lists at zaunere.com
Mon Jan 1 12:40:08 EST 2007



Dan Cech wrote on Monday, January 01, 2007 10:39 AM:
> Jürgen Wind wrote:
> > > I have not really followed this discussion, but when i see
> > > something like this: "$_SERVER['SCRIPT_NAME'] will contain the
> > > full _filesystem_ path, 
> > > which is not what we're after."
> > > 
> > > Can you just do a 1 line regex and pull out what you need? And
> > > you are all set. :-) ed
> > 
> > no need for regex here, a simple  basename($_SERVER['SCRIPT_NAME'])
> > will do Happy New Year!

This is akin to what I do.

> As I outlined earlier in this thread, this will _not_ work if php is
> running as a cgi, you'll get 'php4-cgi' instead of 'myfilename.php'
> unless you have cgi.fix_pathinfo set to 1 (default is 0).

I think there's two important sides to this discussion.

In the larger more complex applications, it's vital that paths/URLs be
dynamically generated and understood.  Like most complex applications, there
are some environmental constraints - one of which is a properly configured
PHP running as an Apache DSO.  Thus I use a combination of SCRIPT_NAME and
other URL/filesystem variables to determine how to write out and read in
URLS/paths/etc.

For simpler application, you're likely running in an environment that isn't
always known, or that can change - ie, shared hosting with a prepackaged CMS
system of some sort.  In such cases, maybe it is possible to always use
hardwired filenames, etc..  I know that's what I did for my first
application :)

In a similar context, there's and always exciting flame war on NYLUG
regarding PHP security:

http://www.nylug.org/pipermail/nylug-talk/2006-December/thread.html

And search for PHP Security.

They're also looking to deploy Joomla for their next release of
www.nylug.org


Happy New Year everyone - to a good 2007!

---
Hans Zaunere / President / New York PHP
   www.nyphp.org  /  www.nyphp.com






More information about the talk mailing list