$PHP_SELF and $_SERVER['PHP_SELF']

**freak** · Dec 6, 2004 20:05

What is the difference between $PHP_SELF and $_SERVER['PHP_SELF']?

Why do people use $_SERVER['PHP_SELF'] if it is longer and more difficult to type?

**HardCoded** · Dec 6, 2004 20:10

Just in case your code ever has to run where register_globals is off.

**codyrockx** · Dec 6, 2004 20:24

using it through the $_SERVER array is always better, despite it `taking more time` because of more typing; it'll save you many hassles. Among knowing exactly where it came from, you will then avoid any server change issues that may result in your program falling apart.

**mullen** · Dec 7, 2004 05:53

Think about what would happen if someone added "...?PHP_SELF=blah" to the end of the URL. Without accessing PHP_SELF through the superglobal $_SERVER array, you are introducing easily avoidable security vulnerabilities.

**vinyl-junkie** · Dec 7, 2004 06:14

Always have register globals off, and then you don't have to worry what a visitor might put at the end of a URL.

I've seen some pretty strange URL endings in my server log lately. They've all up on my 404 page.

User Tag List

Thread: $PHP_SELF and $_SERVER['PHP_SELF']

Thread Tools

Display

$PHP_SELF and $_SERVER['PHP_SELF']

Bookmarks

Bookmarks

Posting Permissions