Reliability of $_SERVER['SCRIPT_URI']

I’m looking to create links of the current executing script as the user sees it in the address bar of their browser, minus any query strings or the stuff after the hash (#).

Looking through the $_SERVER variables that phpinfo() spits out for my server, SCRIPT_URI seems to be the only way that produces what I want. SCRIPT_NAME will produce something completely different if mod_rewrite is being used and REQUEST_URI doesn’t include the protocol and domain, and includes query string and other cruft after it.

However, I’ve noticed that on my local XAMPP installation SCRIPT_URI is NULL. It’s also not mentioned in the manual’s $_SERVER entry. It seems to be something that the server software itself may or may not produce, but I would love to be corrected on this.

This PHP script will be installed on different servers I have no control over. So my question is, can I reliably use $_SERVER[‘SCRIPT_URI’]? Or should I use something like the following:

$scripturi = 'http://' . $_SERVER['SERVER_NAME'] . strtok($_SERVER['REQUEST_URI'], '?');

And that assumes HTTP is being used. I don’t know what I’d do if HTTPS were being used (although this is probably pretty unlikely).

Sorry I can’t help with the first question.

But you can check if HTTP/HTTPS is being used with $_SERVER[‘SERVER_PROTOCOL’]

PHP_SELF is used more often
or, if human-readable urls is used, REQUEST_URI then

I don’t know what I’d do if HTTPS were being used

$_SERVER has a variable for you

SERVER_NAME is wrong, HTTP_HOST must be used instead, at least if defined.

But I’d won’t advise anyone to use full uri in the links. absolute path is enough

Thanks AlienDev, I should have found SERVER_PROTOCOL myself.

I should have mentioned this is a link that will be emailed to people, so the full path is needed. Won’t PHP_SELF show a different path if mod_rewrite is being used?

For example, if the browser location bar says this:

http://www.example.com/mammals/badgers/?theme=badgery&foo=bar

and on the server that URI is rewritten to:

http://www.example.com/index.php?type=mammals&species=badgers&theme=badgery&foo=bar

Then I want the link emailed to this person to be:

http://www.example.com/mammals/badgers/

substr($_SERVER[‘REQUEST_URI’], 0, strpos($_SERVER[‘REQUEST_URI’], ‘?’));

That should be what you need.

Won’t PHP_SELF show a different path if mod_rewrite is being used?

Sure it will.
As I said above, REQUEST_URI should be used instead.

Then I want the link emailed to this person to be:
http://www.example.com/mammals/badgers/

well you have nothing to change in your code then

substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], '?'))

OK, thanks. That won’t have the protocol or domain in it, though, because REQUEST_URI starts at the document root.

I read that none of the HTTP_ variables can be trusted. So what should I use for the [URL=“http://www.example.com”]www.example.com bit if SERVER_NAME is dodgy and HTTP_HOST is (allegedly) unreliable?

As it is not for immediate action, you can use many other ways to assign a domain part.
Even a variable hardcoded in some config file.

For the HTTP_HOST, unlike many other request headers, it is reliable enough. As well as REQUEST_URI in which you no doubt.

I don’t want to hardcode the domain. This is a script which someone with almost no PHP skills should be able to use. It’s for public distribution. Thus I want to work out the domain automatically.

I imagined HTTP_HOST would be relatively safe, so I’ll use it with REQUEST_URI and SERVER_PROTOCOL. Thanks for your help chaps. :slight_smile:

HTTP_HOST is the HOST header in the http request sent by the client. Your webserver maps this for you, but it is possible you might have more than one domain mapping to the same web root. But, it’s probably desirable for the HTTP_HOST to reflect what was requested in this case.

But, http 1.0 doesn’t support the HOST header. I’m not so sure on the details, but depending on the webserver and config, I wouldn’t be surprised if that variable is either non-existent, blank, or maybe just an ip address.

I use REQUEST_URI and setup something in the applications config file that starts out using HTTP_HOST but can be set to a hard-coded domain name if problems are experienced.

Thanks guys. It still seems there isn’t anything concrete and crystal-clear to do what I want, but I’ll have to make do.

If the web server has several websites sharing the same IP address, then HTTP_HOST is dependable. The browser has to send a correct name otherwise the web server wouldn’t know which website to return.

However, if the web server doesn’t use virtual hosts, then the host header isn’t needed and it could be very wrong.

SERVER_NAME is provided by the web server and it often is a hard-coded value defined by the person / thing that set up the account, and so it could be very wrong.

A reference for the environment variables can be found here:
http://hoohoo.ncsa.illinois.edu/cgi/env.html