Can you explain usage of predefined variables called $_SERVER['PHP_SELF']?
PHP programming language provides a lots of predefined variables. Your php script can access a large number of such predefined variables.
$_SERVER array
$_SERVER is an array defined in PHP and it stores information about your server and execution environment information.
$_SERVER['PHP_SELF'] variable
This array element points out the filename of the currently executing script. For example, if you run www.cyberciti.biz/index.php, $_SERVER['PHP_SELF'] would be /index.php. This is relative to the document root. This is useful to referring HTML forms and other element.
.... <div class="forumform"> <form action="' . $_SERVER[PHP_SELF]. '" method="post" onSubmit="return checkForm()" name="pforum"> ....
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
{ 2 comments… read them below or add one }
There is also a magic php constant __FILE__ .
The php.net documentation goes like this:
The full path and filename of the file. If used inside an include, the name of the included file is returned. Since PHP 4.0.2, __FILE__ always contains an absolute path with symlinks resolved whereas in older versions it contained relative path under some circumstances.
Be careful!
$_SERVER['PHP_SELF'] contains not only the path to the current PHP script, it also contains the PATH_INFO ($_SERVER['PATH_INFO']). This is something very useful which allows you to attach further information to a file. For example MediaWiki uses it in this way: index.php/Article_Name whereas /Article_Name is the PATH_INFO.
The downside is that this is a possible security vulnerability (XSS, CSRF etc.). To get the raw script name without any PATH_INFO you have to use $_SERVER['SCRIPT_NAME'].