Jump to content


This topic is now archived and is closed to further replies.



Recommended Posts

I read in another thread that PHP_SELF is unreliable. Is this true :



$_SERVER['SCRIPT_NAME'] is reliable on all server types .. all the various connotations of PHP_SELF are known to be "unreliable/hackable/spoofable".


osCommerce itself and many contributions (Which is why header tags throws errors with Ultimate Seo Urls 5 in standard mode) .. rely on PHP_SELF and there is a possibility if you have installed a contribution such as this .. or any other that relies on the return of PHP_SELF that you may get problems/redirect loops .. the solution is to replace all instances of $PHP_SELF or $_SERVER['PHP_SELF'] or $HTTP_SERVER_VARS['PHP_SELF'] with basename( $_SERVER['SCRIPT_NAME'] ).


PHP_SELF is used (in the main) to return the current file name and for this purpose should NOT be used .. $_SERVER['SCRIPT_NAME'] performs the same function but reliably .


basename( $_SERVER['SCRIPT_NAME'] ) is what will return a valid filename for the currently executing file.

Share this post

Link to post
Share on other sites

$_SERVER['SCRIPT_NAME'] can fail when PHP is being run as a CGI. The best solution I have found is in this post




See my profile for a list of my addons and ways to get support.

Share this post

Link to post
Share on other sites