  1. #1
    SitePoint Addict

    Question request URI variable

    I have a simple question. Is $_SERVER['REQUEST_URI'] sent by the client's browser, or by the server? I am pretty sure based on PHP docs that it is defined by the server.

    My second question is, would $_SERVER['REQUEST_URI'] return the same thing for both of the following?

    http://mysite.com/index.php?skjwlfjw
    http://mysite.com/index.php

    Essentially, I am asking whether or not the query string makes a difference.

    The reason is because I need to know if this is an ok solution for an authorization check to a webpage. Would something like the following be secure?

    PHP Code:
    if ($_SERVER['REQUEST_URI'] != $allowed_uri) {
        exit;
    }

    // page content 

    Thanks in advance.

  2. #2
    SitePoint Zealot Servyces
    $_SERVER['REQUEST_URI'] will include the querystring. You should be looking for $_SERVER['SCRIPT_NAME'], that doesn't include a querystring.

    To see the differences between various $_SERVER vars, create a new PHP page with this code, upload it and run it from your site at different locations to see what each variable does:

    PHP Code:
    <?php
    print_r($_SERVER);
    ?>
    Last edited by Servyces; Jun 13, 2007 at 09:31.
    Servyces.com
    Where it's all about you.
    Your partner in online solutions.
    Visit our website at http://www.servyces.com/

  3. #3
    SitePoint Wizard kyberfabrikken
    Request URI is part of the HTTP-request, and as such, sent by the client.

  4. #4
    SitePoint Addict
    So would $_SERVER['SCRIPT_NAME'] be secure to use like I have shown above?

  5. #5
    SitePoint Wizard kyberfabrikken
    Yes. SCRIPT_NAME is provided by the server. REQUEST_URI is provided by the client. It would also be safe to rely on though, since the script would have never been called, if the value was different (Unless you have mod_rewrite or similar running).

  6. #6
    SitePoint Addict
    Ok. Thanks a lot.
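
Added example, not code from any poster in this thread: it runs the comparison from the question against constructed $_SERVER values for the two URLs in the question, and goes one step further with a PATH_INFO request and a mod_rewrite request, next to a path-only comparison and a SCRIPT_NAME comparison. The sample values, the function names and the value of $allowed_uri are assumptions.

```php
<?php
// Added example. The $_SERVER snapshots below are constructed (typical
// Apache + PHP values), not captured from a real server.
$samples = [
    'plain'        => ['REQUEST_URI' => '/index.php',          'SCRIPT_NAME' => '/index.php'],
    'query string' => ['REQUEST_URI' => '/index.php?skjwlfjw', 'SCRIPT_NAME' => '/index.php'],
    'path info'    => ['REQUEST_URI' => '/index.php/extra',    'SCRIPT_NAME' => '/index.php'],
    'mod_rewrite'  => ['REQUEST_URI' => '/members/area',       'SCRIPT_NAME' => '/index.php'],
];
$allowed_uri = '/index.php'; // variable name from the question; value assumed

// The comparison from the question (strict === here instead of !=):
// the raw request target, query string included.
function check_request_uri(array $server, string $allowed): bool
{
    return $server['REQUEST_URI'] === $allowed;
}

// Same comparison after dropping the query string (hypothetical helper).
function check_request_path(array $server, string $allowed): bool
{
    $path = parse_url($server['REQUEST_URI'], PHP_URL_PATH);
    return is_string($path) && $path === $allowed;
}

// Comparison against the script the server mapped the request to.
function check_script_name(array $server, string $allowed): bool
{
    return $server['SCRIPT_NAME'] === $allowed;
}

// Run all three checks over every sample; true means the page would render.
function run_checks(array $samples, string $allowed): array
{
    $rows = [];
    foreach ($samples as $label => $server) {
        $rows[$label] = [
            'uri'    => check_request_uri($server, $allowed),
            'path'   => check_request_path($server, $allowed),
            'script' => check_script_name($server, $allowed),
        ];
    }
    return $rows;
}

$show = fn(bool $ok): string => $ok ? 'render' : 'exit';
foreach (run_checks($samples, $allowed_uri) as $label => $r) {
    printf("%-13s REQUEST_URI:%-7s path:%-7s SCRIPT_NAME:%s\n",
        $label, $show($r['uri']), $show($r['path']), $show($r['script']));
}
```

All three checks only establish which URL or script was requested; none of them identifies the requester, so they cannot stand in for a login or session check.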

