Getting the current URL

Discussion in 'PHP' started by enchance, Sep 17, 2007.

  1. #1
    How do I get the current URL of the page I am currently on? Also how would I get the URL of the page which referred me to the page I am in now?
     
    enchance, Sep 17, 2007
  2. scriptman

    scriptman Peon

    #2
    $currentPage = htmlspecialchars($_SERVER[’PHP_SELF’]);
    $referrerPage = htmlspecialchars($_SERVER[’HTTP_REFERER’]);

    You need to parse them for HTML or else they're potentially vulnerable to XSS vectors (e.g. http://www.example.com/register.php?"<script>alert('XSS')</script> if you're using PHP_SELF as a form action).

    scriptman, Sep 17, 2007
  3. krt

    krt Well-Known Member

    #3
    scriptman, he wants the URL, not the script path (and possibly query string) - note that they are not always the same, e.g. when rewriting URLs.

    $currentPage = $_SERVER['REQUEST_URI'];
     
    krt, Sep 17, 2007
  4. scriptman

    scriptman Peon

    #4
    Thanks for pointing out my misinterpretation, krt. I'd just gotten used to using PHP_SELF for relative hyperlinks ;)
     
    scriptman, Sep 17, 2007
  5. enchance

    enchance Peon

    #5
    So let me get this straight:
    
    //current URL
    $currentPage = $_SERVER['REQUEST_URL']; 
    
    //referer URL. what does htmlspecialchars() do?
    $referrerPage = htmlspecialchars($_SERVER[’HTTP_REFERER’]);
    

    enchance, Sep 18, 2007
  6. kendo1979

    kendo1979 Peon

    #6
    You could also try phpinfo() to get lots of ideas about server variables.

    kendo1979, Sep 18, 2007
  7. nico_swd

    nico_swd Prominent Member

    #7
    For further reference on what functions do, go to www.php.net and type the function name in the search field.

    If the information there is unclear or you still don't understand.... then ask. :)


    And according to these weird quotes, this code has probably been copied from a blog or something, but there should be normal single or double quotes.
     
    nico_swd, Sep 18, 2007
  8. sea otter

    sea otter Peon

    #8
    From the php manual page on $_SERVER:

    
    <?php
    $self_url = sprintf('http%s://%s%s',
      (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': ''),
      $_SERVER['HTTP_HOST'],
      $_SERVER['REQUEST_URI']
    );
    ?>
    

    sea otter, Sep 18, 2007
  9. scriptman

    scriptman Peon

    #9
    Actually I wrote it out straight into the DP message form. I hadn't noticed the strangeness of those quotes but I used the standard key...

    Testing: ' ' ['test'] $referrerPage = htmlspecialchars($_SERVER['HTTP_REFERER']);


    ...That's very weird.


    enchance, just noticed your question that's hidden inside a quote box. Htmlspecialchars escapes HTML characters. This helps prevent XSS attacks if you use HTTP_REFERER at the HTML level (for example, someone could craft a link that grabs document.cookie and redirects you to their own site, where they record your cookie information).

    scriptman, Sep 18, 2007
  10. enchance

    enchance Peon

    #10
    Oh, so that's what it was. All your replies are really helpful. I'm gonna try them all out.
     
    enchance, Sep 18, 2007
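
Added example (not code from any poster in this thread): one way to combine the URL building from post #8 with the escaping advice in posts #2 and #9, treating HTTP_HOST, REQUEST_URI and HTTP_REFERER as client-supplied input. The ALLOWED_HOSTS list, the helper names and the sample request values are assumptions made for illustration.

```php
<?php
// Assumed site-specific allowlist; example.com is a placeholder.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];

// Escape for HTML text and for quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the absolute URL of the current request from $_SERVER-style input.
// Returns null when the Host header is not one we serve: HTTP_HOST is copied
// from the request, so the client can set it to anything.
function current_url(array $server): ?string
{
    // IIS sets HTTPS to "off" for plain HTTP, so a truthiness test is not enough.
    $https = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    $host  = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        return null;
    }
    return ($https ? 'https' : 'http') . '://' . $host . ($server['REQUEST_URI'] ?? '/');
}

// Return the referrer only if it parses as an http(s) URL, otherwise null.
// The header is optional and fully controlled by the client.
function referrer_url(array $server): ?string
{
    $ref    = $server['HTTP_REFERER'] ?? '';
    $scheme = strtolower((string) parse_url($ref, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $ref : null;
}

// Constructed request data standing in for $_SERVER.
$sample = [
    'HTTPS'        => 'off',
    'HTTP_HOST'    => 'www.example.com',
    'REQUEST_URI'  => '/register.php?"<script>alert(\'XSS\')</script>',
    'HTTP_REFERER' => 'javascript:void(0)',
];

$url = current_url($sample);
$ref = referrer_url($sample);

// Escape at the point of output, whatever validation happened earlier.
echo '<form action="', e($url ?? '/'), '" method="post"></form>', "\n";
echo '<p>Referrer: ', $ref === null ? 'none' : '<a href="' . e($ref) . '">' . e($ref) . '</a>', "</p>\n";
```

With the sample data the form action is emitted with the quote and angle brackets encoded as entities, and the non-http referrer is reported as "none" instead of being turned into a link.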