what is the difference between $_SERVER['REQUEST_URI'] and $_GET['q']?
Given this example url:
http://www.example.com/some-dir/yourpage.php?q=bogus&n=10
$_SERVER['REQUEST_URI'] will give you:
/some-dir/yourpage.php?q=bogus&n=10
Whereas $_GET['q'] will give you:
bogus
In other words, $_SERVER['REQUEST_URI'] will hold the full request path including the querystring. And $_GET['q'] will give you the value of parameter q in the querystring.
$_SERVER['REQUEST_URI'] and $_GET
You should use urlencode() to encode $destination before you add it to the URL.
Basically, you are adding a value to a URL with a & in it which is a special character used for other purposes in a URL. The server is seeing this character and is cutting the value short. By encoding it, you should get the correct value.
You can use urldecode() to return the value back to normal later on.
What is the difference between $_SERVER['REQUEST_URI'] and $_SERVER['REQUEST_URI'] (note double quotes)?
If you want to use superglobals, do it in UPPERCASE. For example if you really want to return FULL adress, you could do it like this:
$real_url = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
PHP_SELF vs PATH_INFO vs SCRIPT_NAME vs REQUEST_URI
The PHP documentation can tell you the difference:
'PHP_SELF'
The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address http://example.com/test.php/foo.bar would be /test.php/foo.bar. The __FILE__ constant contains the full path and filename of the current (i.e. included) file. If PHP is running as a command-line processor this variable contains the script name since PHP 4.3.0. Previously it was not available.
'SCRIPT_NAME'
Contains the current script's path. This is useful for pages which need to point to themselves. The __FILE__ constant contains the full path and filename of the current (i.e. included) file.
'REQUEST_URI'
The URI which was given in order to access this page; for instance, '/index.html'.
PATH_INFO doesn't seem to be documented...
Ensure that url was called with specific parameter
You can use the isset() function - this is a very common thing to use if you need to check whether input values have been provided or not.
In the simplest case, just exit the script if the value isn't set:
if (!isset($_GET["abc"])) exit();
Documentation: https://www.php.net/manual/en/function.isset.php
P.S. $_SERVER['REQUEST_URI'] provides the whole URI following the domain, including the path and the whole querystring. So you could pick that apart to get the value you want, but it's pointless because $_GET["abc"] will take you straight to it. See this answer for an example of the difference.
What is the script in javascript equals to $_SERVER['REQUEST_URI'] in php?
You get the equivalent of $_SERVER['REQUEST_URI'] by appending location.pathname and location.search:
var request_uri = location.pathname + location.search;
PHP URL redirect error
try the following:
if (isset($_GET['link'])) {
header("Location: {$_GET[link]}");
}else{
echo 'invalid link';
}
' single quotes cannot escape variables in php you need to use " double quotes for that. And there is not need to enclose the index with quotes when being used inside a string. And as for the {} curly brackets that I am using look into Complex Curly Brackets
Also, as you were doing it with 'Location: $_GET['link']' there was another problem with that, that the string was starting from 'Location: but was ending at $_GET[' because it was closing the single quotes there and was causing an error too.
Is comparing a variable to $_SERVER['PHP_SELF'] safe usage?
A better code example would be:
if ($_SERVER['SCRIPT_NAME'] === $thisPage) { }
Still, it depends on the contents of $thisPage. If $thisPage contains $_SERVER['PHP_SELF'] too, you should change that to $_SERVER['SCRIPT_NAME']
If you really can't use alternatives like __FILE__ and $_SERVER['SCRIPT_NAME'], and make sure you understand the checks involved, yes.
For example, this URL: http://example.com/sick.php/mwuahahahaha gives:
/sick.php/mwuahahahaha
Comparing is allowed, for non-critical things like CSS.
If there's no need to get the requested path (no URL rewrites), use $_SERVER['SCRIPT_NAME'].
If you really need $_SERVER['PHP_SELF'] (rewrited URL), escape them when outputting (using htmlentities($_SERVER['PHP_SELF']).
Overview of variables:
__FILE__: contains the full filesystem path from the active script. E.g.:<?php /*test.php*/ include 'file.php';?><?php /*file.php*/ echo __FILE__;?>
Requesting test.php gives something like:/var/www/file.php(and not/var/www/test.php)$_SERVER['SCRIPT_FILENAME']: contains the filesystem path of the requested script, e.g./var/www/test.php$_SERVER['SCRIPT_NAME']: contains the path of the requested script (like a filesystem one, but with the document root stripped), e.g./test.php(even when using rewrited URL's)$_SERVER['PHP_SELF']: contains a translated path (//->/,.and..resolved), but with additional path info.$_SERVER['REQUEST_URI']: the worst of these, it contains the raw string in the request as in.GET [REQUEST_URI] HTTP/1.0. (escaped) nullbytes are still visible in here. This is just the raw data betweenGET(or whatever methode you use) andHTTP/1.0(or whatever HTTP version you use)
A comparison of these variables:
I performed this test with nc, but telnet should suffice too. Server was from http://xampp.org/. The requested file is test.php, which contains:
<?php
$properties = array('SCRIPT_FILENAME', 'SCRIPT_NAME', 'PHP_SELF', 'REQUEST_URI');
printf("% 15s: %s\n", '__FILE__', __FILE__);
foreach($properties as $property){
printf('% 15s: %s', $property, $_SERVER[$property]."\n");
}
?>
Test:
$ nc localhost 80
GET ///somedir/./../////test.php/somedata%20here?q%00=%25 HTTP/1.0
HTTP/1.1 200 OK
Server: Apache/2.2.14 (Unix)
[stripped]
__FILE__: /opt/lampp/htdocs/test.php
SCRIPT_FILENAME: /opt/lampp/htdocs/test.php
SCRIPT_NAME: /////test.php
PHP_SELF: /////test.php/somedata here
REQUEST_URI: ///somedir/./../////test.php/somedata%20here?q%00=%25
Using RewriteRule ^page/test test.php:
$ nc localhost 80
GET ///somedir/./../page//.////test/somedata%20here?q%00=%25 HTTP/1.0
HTTP/1.1 200 OK
Server: Apache/2.2.14 (Unix)
[stripped]
__FILE__: /opt/lampp/htdocs/test.php
SCRIPT_FILENAME: /opt/lampp/htdocs/test.php
SCRIPT_NAME: /test.php
PHP_SELF: /test.php
REQUEST_URI: ///somedir/./../page//.////test/somedata%20here?q%00=%25
Conclusion: the safest variable to use in most cases is $_SERVER['SCRIPT_NAME'].
Making page that user is viewing stay on page rather than redirecting to home page
You can make use of $_SERVER['REQUEST_URI'].
Example:
$current_url = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
header("Location: $current_url");
Answer to revised question:
The #registered_members part of the URL, known as the fragment identifier, is never sent to the server—it is client-side only. So PHP is never aware that even exists.
You can, however, check for it with JavaScript when the page reloads and then update the page based on whether it's present or not.
<script>alert(window.location.hash);</script>
Why do some PHP installations have $_SERVER['SCRIPT_URI'] and others not?
According to a post on WebHostingTalk it comes from mod_rewrite:
Add
RewriteEngine OnTo the virtual host in your httpd.conf file that you want to turn this
on for and then restart apache.
Related Topics
How to Select Multiple Files for Upload
Codeigniter: How to Do a Select (Distinct Fieldname) MySQL Query
Remove Everything from the First Occurrence of a Character to the End of a String in PHP
Root Path Doesn't Work with PHP Include
At' Symbol Before Variable Name in PHP: @$_Post
How to Format Messages for Queueing
Updating Column So That It Contains the Row Position
Format Output of $Simplexml->Asxml();
Simplexml_Load_String() Fail to Parse Error
PHP & Hash/Fragment Portion of Url