php 中 if($addr != $outin or out$addr != $in)这句话错了吗?
点击联系发帖人
时间:2015-06-28 00:30
1, $ _SERVER ['PHP_SELF'] - for currently executing script file name 2, $ _SERVER ['SERVER_PROTOCOL'] - request a page name and version of the protocol. For example, &HTTP/1.0&. 3, $ _SERVER ['REQUEST_TIME'] - request start timestamp. Starting f
HowTo Install Request-Tracker 3.8 on ubuntu 9.10 and MySQL This Howto will explain how to install request-tracker on a clean Ubuntu 9.10 Server install. It is tested on Ubuntu 9.10 and might work with slight modifications on other versions or Debian
1, $ _SESSION ['PHP_SELF'] - for currently executing script file name 2, $ _SERVER ['SERVER_PROTOCOL'] - request a page name and version of the protocol. For example, &HTTP/1.0&. 3, $ _SERVER ['REQUEST_TIME'] - request start timestamp. Starting
&PHP_SELF& Currently executing script file name, and the document root. For example, in the URL address of the script for the /test.php/foo.bar use $ _SERVER ['PHP_SELF'] will be / test.php / foo.bar this result. __FILE__ Const
PHP programmers often need to use some server some of the information, especially the detailed parameters of the $ _SERVER gathering information to facilitate future use. $_SERVER['PHP_SELF'] # The currently executing script file name, and document r
1. $_SERVER['PHP_SELF'] # The currently executing script file name, and document root Related . 2. $_SERVER['argv'] # Array of arguments passed to the script . 3. $_SERVER['argc'] # Contains command line parameters passed to the number of ( If you ru
$_SERVER['PHP_SELF'] // Currently executing script file name, and document root Related . $_SERVER['argv'] // The parameters passed to the script . $_SERVER['argc'] // Contains the command line passed to the program the number of parameters ( If runn
PHP programmers often need to use some server some of the information, especially the detailed parameters of the $ _SERVER gathering information to facilitate future use. $ _SERVER Code: $ _SERVER ['PHP_SELF'] # currently executing script file name,
$ _SERVER ['PHP_SELF'] # currently executing script file name, and the document root. $ _SERVER ['Argv'] # the parameters passed to the script. $ _SERVER ['Argc'] # contains the command line passed to the program the number of parameters (If you run
php $ _SERVER the wording of the current complete url 'Http://'. $ _SERVER ['HTTP_HOST'].$_ SERVER [' PHP_SELF'].'?'.$_ SERVER ['QUERY_STRING']; Array ( [DOCUMENT_ROOT] =& /home6/twosixe2/public_html/king [GATEWAY_INTERFACE] =& CGI/1.1 [HTTP_ACCEPT]
Detailed server variable $ _SERVER: 1, $ _SESSION ['PHP_SELF'] - get current file name of the script being executed 2, $ _SERVER ['SERVER_PROTOCOL'] - request a page name and version of the communication protocol. For example, &HTTP/1.0&. 3, $ _
PHP In $_SERVER Detailed Usage $_SERVER['PHP_SELF'] # Currently executing script file name, and document root Related . $_SERVER['argv'] # The parameters passed to the script . $_SERVER['argc'] # Contains the command line passed to the program the nu
dedecms very powerful, but there are always things that can not meet our own needs, which requires us to use in the design template to write programs &dede:php& Zhege tag, there are always inevitably to query, update, modify the database. But not pl
Note: Transfer from the Internet. Manual carefully to learn a bit today on the content of server variables, write a note, posted hope to help beginners. I think red is more common and important, the blue part is added after I debug, easy to understan
About $ _SERVER ['SCRIPT_URL'] the source of the problem Quoted from /houdelei250/blog/item/c2dc8a7ef3f13.html $ _SERVER ['SCRIPT_URL'] is not a standard CGI / SSI environment variables, and only applied in the request p
&?php /** * CURL Impersonation HTTP request tool , * Supports the following features : * 1: Support ssl connection and proxy Proxy connection * 2: Automatic support for cookie * 3: Simple GET / POST routine operation * 4: Support single file upload m
Detailed server variable $ _SERVER: 1, $ _SESSION ['PHP_SELF'] - get current file name of the script being executed 2, $ _SERVER ['SERVER_PROTOCOL'] - request a page name and version of the communication protocol. For example, &HTTP/1.0&. 3, $ _
{$ Smarty} reserved variable from the PHP script does not require the allocation can be accessed directly in the template array type variables, commonly used to access several special template variables. For example, a direct request to access the pa
Expires, Cache-Control, Last-Modified, ETag is RFC 2616 (HTTP/1.1) protocol and in several fields related to web caching. The first two are used to control the cache expiration date, after the Web page used to verify the validity of two. Note that, H
1 related rpm packages installed, so if you are lazy enough, you can directly install-soap.sh install-soap.sh: #! /bin/sh yum install mysql* -y yum install php-mysql -y yum install php php-soap php-pear-SOAP -y pear install -f -o SOAP (2) the establi
这篇文章主要介绍了php中time()与$_SERVER[REQUEST_TIME]用法区别,详细分析了time()与$_SERVER[REQUEST_TIME]的用法,并以实例形式对比总结了二者在获取当前系统时间戳与请求时间戳的区别,需要的朋友可以参考下 本文实例详细讲述了php中time()与$_SERVER[REQUEST_TIME]用法的区别.分享给大家供大家参考.具体分析如下: 简单的说time()与$_SERVER[&REQUEST_TIME&]都是获得时间的,但time返
这篇文章主要介绍了smarty模板中使用get.post.request.cookies.session变量的方法,需要的朋友可以参考下 {$smarty}保留变量不需要从PHP脚本中分配,是可以在模板中直接访问的数组类型变量,通常被用于访问一些特殊的模板变量.例如,直接在模板中访问页面请求变量.获取访问模板时的时间戳.直接访问PHP中的常量.从配置文件中读取变量等. 1.在模板中访问页面请求变量 我 们可以在PHP脚本中,通过超级全局数组$_GET.$_POST.$_REQUEST获取在客户端
这篇文章主要介绍了php几个预定义变量$_SERVER用法,实例总结了服务器端预定义变量$_SERVER的常见用法,需要的朋友可以参考下 本文实例总结了php几个预定义变量$_SERVER的用法.分享给大家供大家参考.具体如下: &?php echo 'documentroot:'.$_SERVER['DOCUMENT_ROOT'].'&br&'; //根目录,在apache的配置文件里定义:httpd.conf 比如:DocumentRoot &D:/work/php_roo
SMARTY模板中如何使用get,post,request,cookies,session,server变量 {$smarty}保留变量不需要从PHP脚本中分配,是可以在模板中直接访问的数组类型变量,通常被用于访问一些特殊的模板变量.例如,直接在模板中访问页面请求变量.获取访问模板时的时间戳.直接访问PHP中的常量.从配置文件中读取变量等. 1.在模板中访问页面请求变量 我 们可以在PHP脚本中,通过超级全局数组$_GET.$_POST.$_REQUEST获取在客户端以不同方法提交给服务器的数据
app.request.server.get('HTTP_X_REQUESTED_WITH') 就是 $_SERVER['HTTP_X_REQUESTED_WITH'] 相关的参数 或者 变量 常量 Symfony\Component\HttpKernel\Kernel Symfony\Component\HttpFoundation\Request Symfony\Component\Security\Core\SecurityContext Symfony\Component\HttpFou
{$smarty}保留变量不需要从PHP脚本中分配,是可以在模板中直接访问的数组类型变量,通常被用于访问一些特殊的模板变量.例如,直接在模板中访问页面请求变量.获取访问模板时的时间戳.直接访问PHP中的常量.从配置文件中读取变量等. 1.在模板中访问页面请求变量 我 们可以在PHP脚本中,通过超级全局数组$_GET.$_POST.$_REQUEST获取在客户端以不同方法提交给服务器的数据,也可以通 过$_COOKIE或$_SESSION在多个脚本之间跟踪变量,或是通过$_ENV和$_SERVER
在开发web程序的时候,有时我们需要得到用户是从什么页面连过来的,这就用到了referer. 它是http协议,所以任何能开发web程序的语言都可以实现,比如jsp中是: request.getHeader(&referer&); php是$_SERVER['HTTP_REFERER'].其他的我就不举例了(其实是不会其他的语言). js的话就是这样做:javascript:document.referrer 那它能干什么用呢?我举两个例子: 1,防止盗连,比如我是个下载软件的网站,在
1: Send ajax request, in the onComplete, if back when the html contains a javascript, then these javascrip and will not be realized, it does not mean not to implement. This problem has troubled me for a long time, behind the hair and then put this kn
1) Rails defines two abstract class: AbstractRequest and AbstractResponse code is not posted, first take a look at Response. 2) is mainly responsible for the specific ctgi_process.rb main interface is responsible for implementation methods of impleme
Cross-site request forgery (ie, CSRF) has been referred to as Web security sector number of loopholes in the &sleeping giant&, and its level of threat which &reputation& will be shown. This article will briefly explain the loopholes, a
/blog/283992 This is from a PragDave's blog Above to learn skills, very useful, very cool! Saying in a Rails site running the above, we can use Linux's top command to monitor the Rails application instances running condition,
At present the majority of domestic micro-Bo (mini blog) are open api HTTP Basic Access Authentication For authentication. Including rice not, sharawadgi askew, and even chat JavaEye. Twitter is now certified to use OAuth way. Is to sum up with ruby
Sometimes the need to invoke it in View now address the relative path, so can be &%= request.protocol %&&%= request.host %&&%= request.port_string %&&%= request.request_uri %& Either &%= request.url%& google keywords 19 Rails
First, create the XMLHttpRequest object, we can then, through its properties and methods of sending and processing of HTTP request, send the request and response dealing with the general steps are as follows: 1, call open () method set the request of
ajax request with a url address, url address if the cache has not changed and there will be direct to the value, the server will then not be requested. This situation will be different in different machines of IE on different ways to resolve the requ
ajax request with a url address, url address if the cache has not changed and there will be direct to the value, the server will then not be requested. This situation will be different in different machines of IE on different ways to resolve the requ
Bpm in a recent project, a form needed to call another remote DWR but in the process of calling a problem, this method has been sometimes called, sometimes less than a call that is asynchronous the relationship between the reques
http://en.wikipedia.org/wiki/Java_Specification_Request Java Community Process From Wikipedia, the free encyclopedia (Redirected from Java Specification Request) Jump to: navigation, search &! - Start content -& The Java Community Process or JCP, es
Version: prototype 1.6.0.3, struts1.2. Front (page introduction prototype.js): 1, prototype-ajax.jsp &%@ page language=&java& pageEncoding=&UTF-8&%& &% String path = request.getContextPath(); String basePath = request.getSchem
&Abhorrent& in ajax sync request For this reason, I wasted several hours. Encountered in the work of such a demand: Must wait for the follow-up after the completion of pre-task to be implemented, otherwise unable to obtain follow-up method to ge
// The use of encapsulation method only need to be concerned about providing HTTP request method, the URL address data, success and failure callback method // Class definition, the main duty is to create a XMLHttpRequest object var MyXMLHttpRequest =
Prospects: 1, regist.jsp &%@ page language=&java& pageEncoding=&UTF-8&%& &% String path = request.getContextPath(); String basePath = request.getScheme() + &://& + request.getServerName() + &:& + request.ge
Request the getContextPath, getServletPath difference
18:34 Request the getContextPath, getServletPath's () difference between [table] [tr] [td] [img] http://p.blog.csdn.net/images/p_blog_csdn_net/zym83215/t.JPG [/ img] Assumes tha
*URL You can change at will */ String uriAPI = &http://192.168.1.100:8080/test/test.jsp?u=wangyi&p=456&; /* Establish HTTP Get object */ HttpGet httpRequest = new HttpGet(uriAPI); try { /* Send a request and waits for the response */ HttpRes
Struts2 handle the request specify the suffix and the constant introduction of Struts.xml can be modified using struts.action.extension constant &constant name=&struts.action.extension& value=&do&/& You can also specify a variety
Struts2 source code analysis - Request Processing /topic/450979
Basic types of arguments used to receive requests (get / post) In the Action class defines the properties of the same name with the request parameters, struts2 could automatically receives request parameters and gives to the properties of the same na
STRUTS2 access to session and the request My usual way: private HttpServletRequest request = ServletActionContext.getRequest (); private HttpSession session = request.getSession (); Otherwise: The struts1, the availability of the system's request or
Https request using httpclient to visit, reported that the following two kinds of errors: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found javax.net.ssl.SSLPeerUnverifiedException: peer not
Commonly used method of forwarding the request A http request will be forwarded to another servlet, JSP, html pages, requires the use of RequestDispatcher right image and HttpServletResponse's sendRedirect () method. There are three ways to get Reque
Copyright (C) , All Rights Reserved.
版权所有 黔ICP备号-1
processed in 0.092 (s). 8 q(s)Keyboard Shortcuts?
Next menu item
Previous menu item
Previous man page
Next man page
Scroll to bottom
Scroll to top
Goto homepage
Goto search(current page)
Focus search box
Change language:
Brazilian Portuguese
Chinese (Simplified)
$HTTP_SERVER_VARS [removed]
$_SERVER -- $HTTP_SERVER_VARS [removed] & Server and execution environment information
Description
$_SERVER is an array containing information
such as headers, paths, and script locations. The entries in this
array are created by the web server. There is no guarantee that
every web server will
servers may omit some,
or provide others not listed here. That said, a large number of
these variables are accounted for in the , so you should
be able to expect those.
Prior to PHP 5.4.0, $HTTP_SERVER_VARS contained the same initial
information, but was not a .
(Note that $HTTP_SERVER_VARS and $_SERVER
were different variables and that PHP handled them as such.)
You may or may not find any of the following elements in
$_SERVER. Note that few, if any, of these will be
available (or indeed have any meaning) if running PHP on the
'PHP_SELF'
The filename of the currently executing script, relative to
the document root. For instance,
$_SERVER['PHP_SELF'] in a script at the
address /foo/bar.php
would be /foo/bar.php.
constant contains the full path and filename of the current (i.e.
included) file.
If PHP is running as a command-line processor this variable contains
the script name since PHP 4.3.0. Previously it was not available.
''
Array of arguments passed to the script. When the script is
run on the command line, this gives C-style access to the
command line parameters. When called via the GET method, this
will contain the query string.
''
Contains the number of command line parameters passed to the
script (if run on the command line).
'GATEWAY_INTERFACE'
What revision of the CGI specification
i.e. 'CGI/1.1'.
'SERVER_ADDR'
The IP address of the server under which the current script is
executing.
'SERVER_NAME'
The name of the server host under which the current script is
executing. If the script is running on a virtual host, this
will be the value defined for that virtual host.
'SERVER_SOFTWARE'
Server identification string, given in the headers when
responding to requests.
'SERVER_PROTOCOL'
Name and revision of the information protocol via which the
i.e. 'HTTP/1.0';
'REQUEST_METHOD'
Which request method was use i.e. 'GET',
'HEAD', 'POST', 'PUT'.
PHP script is terminated after sending headers (it means after
producing any output without output buffering) if the request method
'REQUEST_TIME'
The timestamp of the start of the request. Available since PHP 5.1.0.
'REQUEST_TIME_FLOAT'
The timestamp of the start of the request, with microsecond precision.
Available since PHP 5.4.0.
'QUERY_STRING'
The query string, if any, via which the page was accessed.
'DOCUMENT_ROOT'
The document root directory under which the current script is
executing, as defined in the server's configuration file.
'HTTP_ACCEPT'
Contents of the Accept: header from the
current request, if there is one.
'HTTP_ACCEPT_CHARSET'
Contents of the Accept-Charset: header
from the current request, if there is one. Example:
'iso-8859-1,*,utf-8'.
'HTTP_ACCEPT_ENCODING'
Contents of the Accept-Encoding: header
from the current request, if there is one. Example: 'gzip'.
'HTTP_ACCEPT_LANGUAGE'
Contents of the Accept-Language: header
from the current request, if there is one. Example: 'en'.
'HTTP_CONNECTION'
Contents of the Connection: header from
the current request, if there is one. Example: 'Keep-Alive'.
'HTTP_HOST'
Contents of the Host: header from the
current request, if there is one.
'HTTP_REFERER'
The address of the page (if any) which referred the user
agent to the current page. This is set by the user agent. Not
all user agents will set this, and some provide the ability
to modify HTTP_REFERER as a feature. In
short, it cannot really be trusted.
'HTTP_USER_AGENT'
Contents of the User-Agent: header from
the current request, if there is one. This is a string
denoting the user agent being which is accessing the page. A
typical example is: Mozilla/4.5 [en] (X11; U;
Linux 2.2.9 i586). Among other things, you
can use this value with
tailor your page's output to the capabilities of the user
'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS
Note that when using ISAPI with IIS, the value will be
off if the request was not made through the HTTPS
'REMOTE_ADDR'
The IP address from which the user is viewing the current
'REMOTE_HOST'
The Host name from which the user is viewing the current
The reverse dns lookup is based off the
REMOTE_ADDR of the user.
Your web server must be configured to create this variable. For
example in Apache you'll need HostnameLookups On
inside httpd.conf for it to exist.
'REMOTE_PORT'
The port being used on the user's machine to communicate with
the web server.
'REMOTE_USER'
The authenticated user.
'REDIRECT_REMOTE_USER'
The authenticated user if the request is internally redirected.
'SCRIPT_FILENAME'
The absolute pathname of the currently executing script.
If a script is executed with the CLI, as a relative path,
such as file.php or
../file.php,
$_SERVER['SCRIPT_FILENAME'] will
contain the relative path specified by the user.
'SERVER_ADMIN'
The value given to the SERVER_ADMIN (for Apache) directive in
the web server configuration file. If the script is running
on a virtual host, this will be the value defined for that
virtual host.
'SERVER_PORT'
The port on the server machine being used by the web server
for communication. For default setups, this will be '80';
using SSL, for instance, will change this to whatever your
defined secure HTTP port is.
Under the Apache 2, you must set UseCanonicalName = On,
as well as UseCanonicalPhysicalPort = On in order to
get the physical (real) port, otherwise, this value can be spoofed and it
may or may not return the physical port value.
It is not safe to rely on this value in security-dependent contexts.
'SERVER_SIGNATURE'
String containing the server version and virtual host name
which are added to server-generated pages, if enabled.
'PATH_TRANSLATED'
Filesystem- (not document root-) based path to the current
script, after the server has done any virtual-to-real
As of PHP 4.3.2, PATH_TRANSLATED is no longer set
implicitly under the Apache 2 SAPI in contrast
to the situation in Apache 1, where it's set to the same value as
the SCRIPT_FILENAME server variable when it's not
populated by Apache.
This change was made to comply with the
CGI specification that
PATH_TRANSLATED should only exist if
PATH_INFO is defined.
Apache 2 users may use AcceptPathInfo = On inside
httpd.conf to define PATH_INFO.
'SCRIPT_NAME'
Contains the current script's path. This is useful for pages
which need to point to themselves.
constant contains the full path and filename of the current (i.e.
included) file.
'REQUEST_URI'
The URI which was given in order for
instance, '/index.html'.
'PHP_AUTH_DIGEST'
When doing Digest HTTP authentication this variable is set
to the 'Authorization' header sent by the client (which you
should then use to make the appropriate validation).
'PHP_AUTH_USER'
When doing HTTP authentication this variable is set to the
username provided by the user.
'PHP_AUTH_PW'
When doing HTTP authentication this variable is set to the
password provided by the user.
'AUTH_TYPE'
When doing HTTP authenticated this variable is set to the
authentication type.
'PATH_INFO'
Contains any client-provided pathname information trailing the
actual script filename but preceding the query string, if
available. For instance, if the current script was accessed via
URL /php/path_info.php/some/stuff?foo=bar,
then $_SERVER['PATH_INFO'] would
contain /some/stuff.
'ORIG_PATH_INFO'
Original version of 'PATH_INFO' before processed by
Example #1 $_SERVER example
&?phpecho&$_SERVER['SERVER_NAME'];?&
The above example will output
something similar to:
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $ to access it within functions or methods.
Just a PHP file to put on your local server (as I don't have enough memory)
$indicesServer = array('PHP_SELF',
'argv',
'argc',
'GATEWAY_INTERFACE',
'SERVER_ADDR',
'SERVER_NAME',
'SERVER_SOFTWARE',
'SERVER_PROTOCOL',
'REQUEST_METHOD',
'REQUEST_TIME',
'REQUEST_TIME_FLOAT',
'QUERY_STRING',
'DOCUMENT_ROOT',
'HTTP_ACCEPT',
'HTTP_ACCEPT_CHARSET',
'HTTP_ACCEPT_ENCODING',
'HTTP_ACCEPT_LANGUAGE',
'HTTP_CONNECTION',
'HTTP_HOST',
'HTTP_REFERER',
'HTTP_USER_AGENT',
'HTTPS',
'REMOTE_ADDR',
'REMOTE_HOST',
'REMOTE_PORT',
'REMOTE_USER',
'REDIRECT_REMOTE_USER',
'SCRIPT_FILENAME',
'SERVER_ADMIN',
'SERVER_PORT',
'SERVER_SIGNATURE',
'PATH_TRANSLATED',
'SCRIPT_NAME',
'REQUEST_URI',
'PHP_AUTH_DIGEST',
'PHP_AUTH_USER',
'PHP_AUTH_PW',
'AUTH_TYPE',
'PATH_INFO',
'ORIG_PATH_INFO') ;
echo '&table cellpadding="10"&' ;
foreach ($indicesServer as $arg) {
& & if (isset($_SERVER[$arg])) {
& & & & echo '&tr&&td&'.$arg.'&/td&&td&' . $_SERVER[$arg] . '&/td&&/tr&' ;
& & }
& & else {
& & & & echo '&tr&&td&'.$arg.'&/td&&td&-&/td&&/tr&' ;
& & }
}
echo '&/table&' ;
*;q=0.8
HTTP_ACCEPT_CHARSET& & ISO-8859-1,utf-8;q=0.7,*;q=0.3
HTTP_ACCEPT_ENCODING& & gzip,deflate,sdch
HTTP_ACCEPT_LANGUAGE& & fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
HTTP_CONNECTION& & keep-alive
HTTP_HOST& & localhost
HTTP_REFERER& & http:HTTP_USER_AGENT& & Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
HTTPS& & -
REMOTE_ADDR& & 127.0.0.1
REMOTE_HOST& & -
REMOTE_PORT& & 65037
REMOTE_USER& & -
REDIRECT_REMOTE_USER& & -
SCRIPT_FILENAME& & E:/web/server_indices.php
SERVER_ADMIN& & myemail@personal.us
SERVER_PORT& & 80
SERVER_SIGNATURE& &
PATH_TRANSLATED& & -
SCRIPT_NAME& & /server_indices.php
REQUEST_URI& & /server_indices.php
PHP_AUTH_DIGEST& & -
PHP_AUTH_USER& & -
PHP_AUTH_PW& & -
AUTH_TYPE& & -
PATH_INFO& & -
ORIG_PATH_INFO& & -
1. All elements of the $_SERVER array whose keys begin with 'HTTP_' come from HTTP request headers and are not to be trusted.2. All HTTP headers sent to the script are made available through the $_SERVER array, with names prefixed by 'HTTP_'.3. $_SERVER['PHP_SELF'] is dangerous if misused. If login.php/nearly_arbitrary_string is requested, $_SERVER['PHP_SELF'] will contain not just login.php, but the entire login.php/nearly_arbitrary_string. If you've printed $_SERVER['PHP_SELF'] as the value of the action attribute of your form tag without performing HTML encoding, an attacker can perform XSS attacks by offering users a link to your site such as this:&a href='"&&script type="text/javascript"&...&/script&&span a="'&&/a&The javascript block would define an event handler function and bind it to the form's submit event. This event handler would load via an &img& tag an external file, with the submitted username and password as parameters.Use $_SERVER['SCRIPT_NAME'] instead of $_SERVER['PHP_SELF']. HTML encode every string sent to the browser that should not be interpreted as HTML, unless you are absolutely certain that it cannot contain anything that the browser can interpret as HTML.
I needed to get the full base directory of my script local to my webserver, IIS 7 on Windows 2008.
I ended up using this:
&?php
function GetBasePath() {
& & return substr($_SERVER['SCRIPT_FILENAME'], 0, strlen($_SERVER['SCRIPT_FILENAME']) - strlen(strrchr($_SERVER['SCRIPT_FILENAME'], "\\")));
}
?&
And it returned C:\inetpub\wwwroot\&applicationfolder& as I had hoped.
It's worth noting that $_SERVER variables get created for any HTTP request headers, including those you might invent:If the browser sends an HTTP request header of:X-Debug-Custom: some stringThen:&?php$_SERVER['HTTP_X_DEBUG_CUSTOM']; ?&There are better ways to identify the HTTP request headers sent by the browser, but this is convenient if you know what to expect from, for example, an AJAX script with custom headers.Works in PHP5 on Apache with mod_php.& Don't know if this is true from other environments.
When using the $_SERVER['SERVER_NAME'] variable in an apache virtual host setup with a ServerAlias directive, be sure to check the UseCanonicalName apache directive.& If it is On, this variable will always have the apache ServerName value.& If it is Off, it will have the value given by the headers sent by the browser.Depending on what you want to do the content of this variable, put in On or Off.
If you are serving from behind a proxy server, you will almost certainly save time by looking at what these $_SERVER variables do on your machine behind the proxy.&& $_SERVER['HTTP_X_FORWARDED_FOR'] in place of $_SERVER['REMOTE_ADDR']$_SERVER['HTTP_X_FORWARDED_HOST'] and $_SERVER['HTTP_X_FORWARDED_SERVER'] in place of (at least in our case,) $_SERVER['SERVER_NAME']
An even *more* improved version...&?phpphpinfo(32);?&
&?phpforeach (explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']) as $lang) {& & $pattern = '/^(?P&primarytag&[a-zA-Z]{2,8})'.& & '(?:-(?P&subtag&[a-zA-Z]{2,8}))?(?:(?:;q=)'.& & '(?P&quantifier&\d\.\d))?$/';& & $splits = array();& & printf("Lang:,,%s''\n", $lang);& & if (preg_match($pattern, $lang, $splits)) {& & & & print_r($splits);& & } else {& & & & echo "\nno match\n";& & }}?&example output:Google Chrome 3.0.195.27 Windows xpLang:,,de-DE''Array(& & [0] =& de-DE& & [primarytag] =& de& & [1] =& de& & [subtag] =& DE& & [2] =& DE)Lang:,,q=0.8''Array(& & [0] =&q=0.8& & [primarytag] =& de& & [1] =& de& & [subtag] =& & & [2] =& & & [quantifier] =& 0.8& & [3] =& 0.8)Lang:,,en-US;q=0.6''Array(& & [0] =& en-US;q=0.6& & [primarytag] =& en& & [1] =& en& & [subtag] =& US& & [2] =& US& & [quantifier] =& 0.6& & [3] =& 0.6)Lang:,,q=0.4''Array(& & [0] =&q=0.4& & [primarytag] =& en& & [1] =& en& & [subtag] =& & & [2] =& & & [quantifier] =& 0.4& & [3] =& 0.4)
A table of everything in the $_SERVER array can be found near the bottom of the output of phpinfo();
You have missed 'REDIRECT_STATUS'Very useful if you point all your error pages to the same file.F .htaccess# .htaccess file.ErrorDocument 404 /error-msg.phpErrorDocument 500 /error-msg.phpErrorDocument 400 /error-msg.phpErrorDocument 401 /error-msg.phpErrorDocument 403 /error-msg.php# End of file.F error-msg.php&?php& $HttpStatus = $_SERVER["REDIRECT_STATUS"] ;& if($HttpStatus==200) {print "Document has been processed and sent to you.";}& if($HttpStatus==400) {print "Bad HTTP request ";}& if($HttpStatus==401) {print "Unauthorized - Iinvalid password";}& if($HttpStatus==403) {print "Forbidden";}& if($HttpStatus==500) {print "Internal Server Error";}& if($HttpStatus==418) {print "I'm a teapot! - This is a real value, defined in 1998";}?&
A way to get the absolute path of your page, independent from the site position (so works both on local machine and on server without setting anything) and from the server OS (works both on Unix systems and Windows systems).The only parameter it requires is the folder in which you place this scriptSo, for istance, I'll place this into my SCRIPT folder, and I'll write SCRIPT word length in $conflen&?php$conflen=strlen('SCRIPT');$B=substr(__FILE__,0,strrpos(__FILE__,'/'));$A=substr($_SERVER['DOCUMENT_ROOT'], strrpos($_SERVER['DOCUMENT_ROOT'], $_SERVER['PHP_SELF']));$C=substr($B,strlen($A));$posconf=strlen($C)-$conflen-1;$D=substr($C,1,$posconf);$host=''.$_SERVER['SERVER_NAME'].'/'.$D;?&$host will finally contain the absolute path.
I think the HTTPS element will only be present under Apache 2.x. It's not in the list of "special" variables here:But it is here:
$_SERVER['DOCUMENT_ROOT'] is incredibly useful especially when working in your development environment. If you're working on large projects you'll likely be including a large number of files into your pages. For example:
&?php
define("REGISTRY_CLASSES",& $_SERVER['DOCUMENT_ROOT']."/SOAP/classes/");
& & & & define("REGISTRY_CONTROLS", $_SERVER['DOCUMENT_ROOT']."/SOAP/controls/");
& & & & define("STRING_BUILDER",& && REGISTRY_CLASSES. "stringbuilder.php");
& & & & define("SESSION_MANAGER",& && REGISTRY_CLASSES. "sessionmanager.php");
& & & & define("STANDARD_CONTROLS",& & REGISTRY_CONTROLS."standardcontrols.php");
?&
In development environments, you're rarely working with your root folder, especially if you're running PHP locally on your box and using DOCUMENT_ROOT is a great way to maintain URL conformity. This will save you hours of work preparing your application for deployment from your box to a production server (not to mention save you the headache of include path failures).
If requests to your PHP script send a header "Content-Type" or/ "Content-Length" it will, contrary to regular HTTP headers, not appear in $_SERVER as $_SERVER['HTTP_CONTENT_TYPE']. PHP removes these (per CGI/1.1 specification[1]) from the HTTP_ match group.They are still accessible, but only if the request was a POST request. When it is, it'll be available as:$_SERVER['CONTENT_LENGTH']$_SERVER['CONTENT_TYPE'][1] https://www.ietf.org/rfc/rfc3875
Be warned that most contents of the Server-Array (even $_SERVER['SERVER_NAME']) are provided by the client and can be manipulated. They can also be used for injections and thus MUST be checked and treated like any other user input.
Here's a simple, quick but effective way to block unwanted external visitors to your local server:
&?php
if ($_SERVER['REMOTE_ADDR'] !== '127.0.0.1') die(header("Location: /"));
?&
This will direct all external traffic to your home page. Of course you could send a 404 or other custom error. Best practice is not to stay on the page with a custom error message as you acknowledge that the page does exist. That's why I redirect unwanted calls to (for example) phpmyadmin.
$_SERVER['DOCUMENT_ROOT'] may contain backslashes on windows systems, and of course it may or may not have a trailing slash (backslash).I saw the following as an example of the proper way we're supposed to deal with this issue:&?phpinclude(dirname($_SERVER['DOCUMENT_ROOT']) . DIRECTORY_SEPARATOR . 'file.php');?&Ok, the latter may be used to access a file inside the parent directory of the document root, but actually does not properly address the issue.In the end, don't warry about. It should be safe to use forward slashes and append a trailing slash in all cases.Let's say we have this:&?php$path = 'subdir/file.php';$result = $_SERVER['DOCUMENT_ROOT'] . '/' . $path;?&On linux $result might be something like1) "/var/www/subdir/file.php"2) "/var/www//subdir/file.php"String 2 is parsed the same as string 1 (have a try with command 'cd').On windows $result might be something like1) "C:/apache/htdocs/subdir/file.php"2) "C:/apache/htdocs//subdir/file.php"3) "C:\apache\htdocs/subdir/file.php"4) "C:\apache\htdocs\/subdir/file.php"All those strings are parsed as "C:\apache\htdocs\subdir\file.php" (have a try with 'cd').
Use the apache SetEnv directive to set arbitrary $_SERVER variables in your vhost or apache config.SetEnv varname "variable value"
searched $_SERVER["REDIRECT_URL"] for a while and noted that it is not mentioned in php documentation page itself. look like this is only generated by apache server(not others) and using&& $_SERVER["REQUEST_URI"] will be useful in some cases as mine.
Tech note:$_SERVER['argc'] and $_SERVER['argv'][] has some funny behaviour,used from linux (bash) commandline, when called like "php ./script_name.php 0x020B" there is everything correct, but "./script_name.php 0x020B"is not correct - "0" is passed instead of "0x020B" as $_SERVER['argv'][1] - see the script below.Looks like the parameter is not passed well from bash to PHP.(but, inspected on the level of bash, 0x020B is understood well as $1)try this example:-------------&8------------------cat ./script_name.php#! /usr/bin/phpif( $_SERVER['argc'] == 2)& {& & // funny... we have to do this trick to pass e.g. 0x020B from parameters& & // ignore this: "PHP Notice:& Undefined offset:& 2 in ..."& & $EID = $_SERVER['argv'][1] + $_SERVER['argv'][2] + $_SERVER['argv'][3];& } else&& {& & & & // default& && $EID = 0x0210; // PPS failure&& }
On Windows IIS 7 you must use $_SERVER['LOCAL_ADDR'] rather than $_SERVER['SERVER_ADDR'] to get the server's IP address.
To get an associative array of HTTP request headers formatted similarly to get_headers(), this will do the trick:&?phpfunction get_request_headers() {& & $headers = array();& & foreach($_SERVER as $key =& $value) {& & & & if(strpos($key, 'HTTP_') === 0) {& & & & & & $headers[str_replace(' ', '-', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))))] = $value;& & & & }& & }& & return $headers;}?&
A simple function to detect if the current page address was rewritten by mod_rewrite:
&?php
public function urlWasRewritten() {
& $realScriptName=$_SERVER['SCRIPT_NAME'];
& $virtualScriptName=reset(explode("?", $_SERVER['REQUEST_URI']));
& return !($realScriptName==$virtualScriptName);
}
?&
Proccess path_info&?phpfunction get_path_info(){& & if( ! array_key_exists('PATH_INFO', $_SERVER) )& & {& & & & $pos = strpos($_SERVER['REQUEST_URI'], $_SERVER['QUERY_STRING']);& & & & & & $asd = substr($_SERVER['REQUEST_URI'], 0, $pos - 2);& & & & $asd = substr($asd, strlen($_SERVER['SCRIPT_NAME']) + 1);& & & & & & & & return $asd;& & & & }& & else& & {& & & & return trim($_SERVER['PATH_INFO'], '/');& & }}
Not documented here is the fact that $_SERVER is populated with some pretty useful information when accessing PHP via the shell. ["_SERVER"]=&& array(24) {& & ["MANPATH"]=&& & string(48) "/usr/share/man:/usr/local/share/man:/usr/X11/man"& & ["TERM"]=&& & string(11) "xterm-color"& & ["SHELL"]=&& & string(9) "/bin/bash"& & ["SSH_CLIENT"]=&& & string(20) "127.0.0.1 41242 22"& & ["OLDPWD"]=&& & string(60) "/Library/WebServer/Domains//private"& & ["SSH_TTY"]=&& & string(12) "/dev/ttys000"& & ["USER"]=&& & string(5) "username"& & ["MAIL"]=&& & string(15) "/var/mail/username"& & ["PATH"]=&& & string(57) "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin"& & ["PWD"]=&& & string(56) "/Library/WebServer/Domains//www"& & ["SHLVL"]=&& & string(1) "1"& & ["HOME"]=&& & string(12) "/Users/username"& & ["LOGNAME"]=&& & string(5) "username"& & ["SSH_CONNECTION"]=&& & string(31) "127.0.0.1 .0.1 22"& & ["_"]=&& & string(12) "/usr/bin/php"& & ["__CF_USER_TEXT_ENCODING"]=&& & string(9) "0x1F5:0:0"& & ["PHP_SELF"]=&& & string(10) "Shell.php"& & ["SCRIPT_NAME"]=&& & string(10) "Shell.php"& & ["SCRIPT_FILENAME"]=&& & string(10) "Shell.php"& & ["PATH_TRANSLATED"]=&& & string(10) "Shell.php"& & ["DOCUMENT_ROOT"]=&& & string(0) ""& & ["REQUEST_TIME"]=&& & int()& & ["argv"]=&& & array(1) {& & & [0]=&& & & string(10) "Shell.php"& & }& & ["argc"]=&& & int(1)& }
&?phpfunction relativeURL () {& & $dir = str_replace('\\', '/', __DIR__);& & & & return substr($dir, strlen($_SERVER['DOCUMENT_ROOT']));& & & & }require '../classes/Form.php';new Form()-&drawCaptchaField();& & if (isset($_GET['captcha'])) {& & }class Form {& & public function drawCaptchaField () {& & & & echo '&img src="'.relativeURL().'?captcha" /&';& & }}?&
Don't forget $_SERVER['HTTP_COOKIE']. It contains the raw value of the 'Cookie' header sent by the user agent.
Windows running IIS v6 does not include $_SERVER['SERVER_ADDR']If you need to get the IP addresse, use this instead:&?php$ipAddress = gethostbyname($_SERVER['SERVER_NAME']);?&
I was testing with the $_SERVER variable and some request method, and I found that with apache I can put an arbitrary method.For example, I have an script called "server.php" in my example webpage with the next code:&?phpecho $_SERVER['REQUEST_METHOD'];?&And I made this request:c:\&nc -vv
80 [x.x.x.x] 80 (http) openArbitratyMethod /server.php HTTP/1.1Host: wow.sinfocol.orgConnection: CloseThe response of the server is the next:HTTP/1.1 200 OKDate: Fri, 15 Jan :09 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/htmlArbitratyMethodSo, be carefully when include the $_SERVER['REQUEST_METHOD'] in any script, this kind of "bug" is old and could be dangerous.
All the $_SERVER[''] In php :
echo "PHP_SELF : " . $_SERVER['PHP_SELF'] . "&br /&";
echo "GATEWAY_INTERFACE : " . $_SERVER['GATEWAY_INTERFACE'] . "&br /&";
echo "SERVER_ADDR : " . $_SERVER['SERVER_ADDR'] . "&br /&";
echo "SERVER_NAME : " . $_SERVER['SERVER_NAME'] . "&br /&";
echo "SERVER_SOFTWARE : " . $_SERVER['SERVER_SOFTWARE'] . "&br /&";
echo "SERVER_PROTOCOL : " . $_SERVER['SERVER_PROTOCOL'] . "&br /&";
echo "REQUEST_METHOD : " . $_SERVER['REQUEST_METHOD'] . "&br /&";
echo "REQUEST_TIME : " . $_SERVER['REQUEST_TIME'] . "&br /&";
echo "REQUEST_TIME_FLOAT : " . $_SERVER['REQUEST_TIME_FLOAT'] . "&br /&";
echo "QUERY_STRING : " . $_SERVER['QUERY_STRING'] . "&br /&";
echo "DOCUMENT_ROOT : " . $_SERVER['DOCUMENT_ROOT'] . "&br /&";
echo "HTTP_ACCEPT : " . $_SERVER['HTTP_ACCEPT'] . "&br /&";
echo "HTTP_ACCEPT_CHARSET : " . $_SERVER['HTTP_ACCEPT_CHARSET'] . "&br /&";
echo "HTTP_ACCEPT_ENCODING : " . $_SERVER['HTTP_ACCEPT_ENCODING'] . "&br /&";
echo "HTTP_ACCEPT_LANGUAGE : " . $_SERVER['HTTP_ACCEPT_LANGUAGE'] . "&br /&";
echo "HTTP_CONNECTION : " . $_SERVER['HTTP_CONNECTION'] . "&br /&";
echo "HTTP_HOST : " . $_SERVER['HTTP_HOST'] . "&br /&";
echo "HTTP_REFERER : " . $_SERVER['HTTP_REFERER'] . "&br /&";
echo "HTTP_USER_AGENT : " . $_SERVER['HTTP_USER_AGENT'] . "&br /&";
echo "HTTPS : " . $_SERVER['HTTPS'] . "&br /&";
echo "REMOTE_ADDR : " . $_SERVER['REMOTE_ADDR'] . "&br /&";
echo "REMOTE_HOST : " . $_SERVER['REMOTE_HOST'] . "&br /&";
echo "REMOTE_PORT : " . $_SERVER['REMOTE_PORT'] . "&br /&";
echo "REMOTE_USER : " . $_SERVER['REMOTE_USER'] . "&br /&";
echo "REDIRECT_REMOTE_USER : " . $_SERVER['REDIRECT_REMOTE_USER'] . "&br /&";
echo "SCRIPT_FILENAME : " . $_SERVER['SCRIPT_FILENAME'] . "&br /&";
echo "SERVER_ADMIN : " . $_SERVER['SERVER_ADMIN'] . "&br /&";
echo "SERVER_PORT : " . $_SERVER['SERVER_PORT'] . "&br /&";
echo "SERVER_SIGNATURE : " . $_SERVER['SERVER_SIGNATURE'] . "&br /&";
echo "PATH_TRANSLATED : " . $_SERVER['PATH_TRANSLATED'] . "&br /&";
echo "SCRIPT_NAME : " . $_SERVER['SCRIPT_NAME'] . "&br /&";
echo "REQUEST_URI : " . $_SERVER['REQUEST_URI'] . "&br /&";
echo "PHP_AUTH_DIGEST : " . $_SERVER['PHP_AUTH_DIGEST'] . "&br /&";
echo "PHP_AUTH_USER : " . $_SERVER['PHP_AUTH_USER'] . "&br /&";
echo "PHP_AUTH_PW : " . $_SERVER['PHP_AUTH_PW'] . "&br /&";
echo "AUTH_TYPE : " . $_SERVER['AUTH_TYPE'] . "&br /&";
echo "PATH_INFO : " . $_SERVER['PATH_INFO'] . "&br /&";
echo "ORIG_PATH_INFO : " . $_SERVER['ORIG_PATH_INFO'] . "&br /&";
By : @44it
[EDITOR'S NOTE: Removed external link. EDITED BY: thiago]
Be aware that it's a bad idea to access x-forwarded-for and similar headers through this array. The header names are mangled when populating the array and this mangling can introduce spoofing vulnerabilities.See
for details of a real world exploit of this.
I'm lazy but rigorous:&?phpwhile (list($var,$value) = each ($_SERVER)) {echo $var." Val:".$value."&br /&";}&a href="//php-how-to-print-all-_server-variables/"&Thank you sir!&/a&?&
If you are looking at $_SERVER['HTTP_USER_AGENT'] to determine whether your user is on a mobile device, you may want to visit these resources:
I've used the SplPriorityQueue to determine an HTTP client's preferred MIME types that are in $_SERVER['HTTP_ACCEPT'].&?php$queue = new \SplPriorityQueue();foreach (preg_split('#,\s*#', $_SERVER['HTTP_ACCEPT']) as $accept) {& & $split = preg_split('#;\s*q=#', $accept, 2);& & $queue-&insert($split[0], isset($split[1]) ? (float)$split[1] : 1.0);}foreach ($queue as $mime) {& & echo $mime, PHP_EOL;}?&My browser sends:Accept: text/html,application/xhtml+xml,application/q=0.9,*/*;q=0.8And this script outputs:text/htmlapplication/xhtml+xmlapplication/xml*/*A better example:Accept: text/html, application/xml,text/q=0.4,text/ q=0.9, application/q=0.8And this script outputs:text/htmlapplication/xmltext/plainapplication/jsontext/css
On a few of servers (e.g, Strato AG Germany, shared hosting)& $_SERVER["DOCUMENT_ROOT"] follow symlinks (while so configured by admins)This is a problem while __DIR__ give the realpath.& Try the error with this small script inside of& DOCUMENT_ROOT:&?phpheader('Content-type: text/plain');echo '__DIR__& & & & & & & & & & & & & & : ', __DIR__ , "\n";echo '$_SERVER["DOCUMENT_ROOT"]& & & & & : ', $_SERVER["DOCUMENT_ROOT"] , "\n";echo 'realpath($_SERVER["DOCUMENT_ROOT"]): ', realpath($_SERVER["DOCUMENT_ROOT"]), "\n";if (-1 & strpos(__DIR__, $_SERVER["DOCUMENT_ROOT"]) ) {& & trigger_error('Fatal: '. __FILE__& & & && . ' darf nicht in oder unterhalb von DOCUMENT_ROOT ('& & & && . $_SERVER["DOCUMENT_ROOT"] . ') liegen!', E_USER_ERROR);& &}?&This will never trigger the error!Use better:&?phpheader('Content-type: text/plain');echo '__DIR__& & & & & & & & & & & & & & : ', __DIR__ , "\n";echo '$_SERVER["DOCUMENT_ROOT"]& & & & & : ', $_SERVER["DOCUMENT_ROOT"] , "\n";echo 'realpath($_SERVER["DOCUMENT_ROOT"]): ', realpath($_SERVER["DOCUMENT_ROOT"]), "\n";if (-1 & strpos(__DIR__, $_SERVER["DOCUMENT_ROOT"]) ) {& & trigger_error('Fatal: '. __FILE__& & & && . ' darf nicht in oder unterhalb von DOCUMENT_ROOT ('& & & && . $_SERVER["DOCUMENT_ROOT"] . ') liegen!', E_USER_ERROR);& &}?&
The best way to see all variables within the $_SERVER array, that I have found, is as follows:&?phpforeach($_SERVER as $key =& $value){echo '$_SERVER["'.$key.'"] = '.$value."&br /&";}?&This will tell you which ones are available on your server and what they are set to.
$_SERVER['DOCUMENT_ROOT'] in different environments may has trailing slash or not, so be careful when including files from $_SERVER['DOCUMENT_ROOT']:&?phpinclude(dirname($_SERVER['DOCUMENT_ROOT']) . DIRECTORY_SEPARATOR . 'file.php')?&
Note that, in Apache 2, the server settings will affect the variables available in $_SERVER. For example, if you are using SSL, the following directive will dump SSL-related status information, along with the server certificate and client certificate (if present) into the $_SERVER variables:SSLOptions +StdEnvVars +ExportCertData
Example:$current = $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];echo $will output the root to the current page, including url and document root, something like:/users/profile.php
'HTTPS'& & Set to a non-empty value if the script was queried through the HTTPS protocol. Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol. Does the same for IIS7 running PHP as a Fast-CGI application.
To get the name and web path of the current script&?php$scriptname=end(explode('/',$_SERVER['PHP_SELF']));$scriptpath=str_replace($scriptname,'',$_SERVER['PHP_SELF']);?&
This is a short script to know what values are defined &?php echo "&textarea&";print_r($_SERVER);echo "&/textarea&";?&
HTTPSSet to a non-empty value if the script was queried through the HTTPS protocol.Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.=-=-=To clarify this, the value is the string "off", so a specific non-empty value rather than an empty value as in Apache.
I'm the author of this noteI optimized since that note the path function, basically added detection of windows slashes and a partial optionNow is released on github/sabas/magicpath
REQUEST_URI is useful, but if you want to get just the file name use:&?php$this_page = basename($_SERVER['REQUEST_URI']);if (strpos($this_page, "?") !== false) $this_page = reset(explode("?", $this_page));?&
It makes sense to want to paste the $_SERVER['REQUEST_URI'] on to a page (like on a footer), but be sure to clean it up first with htmlspecialchars() otherwise it poses a cross-site scripting vulnerability.
htmlspecialchars($_SERVER['REQUEST_URI']);
I want to share with you a full function to get the remote IP that calls a PHP url using the $_SERVER array.function getRealIP(){ if( $_SERVER['HTTP_X_FORWARDED_FOR'] != '' ){
$client_ip =
( !empty($_SERVER['REMOTE_ADDR']) ) ?
$_SERVER['REMOTE_ADDR']
( ( !empty($_ENV['REMOTE_ADDR']) ) ?
$_ENV['REMOTE_ADDR']
"unknown" );
$entries = split('[, ]', $_SERVER['HTTP_X_FORWARDED_FOR']);
reset($entries);
while (list(, $entry) = each($entries)){
$entry = trim($entry);
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) ){
$private_ip = array(
'/^127\.0\.0\.1/',
'/^192\.168\..*/',
'/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/',
'/^10\..*/');
$found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
if ($client_ip != $found_ip){
$client_ip = $found_
} } else {
$client_ip =
( !empty($_SERVER['REMOTE_ADDR']) ) ?
$_SERVER['REMOTE_ADDR']
( ( !empty($_ENV['REMOTE_ADDR']) ) ?
$_ENV['REMOTE_ADDR']
"unknown" ); } return $client_}This function was found in
Please note on Windows/IIS - the variable 'USER_AUTH' will return the username/identity of the user accessing the page, i.e. if anonymous access is off, you would normally get back "$domain\$username".
I've updated the function of my previous poster and putted it into my class.&?php& & private function _checkClientLanguage()& & {& & & & & & $langcode = (!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';& & & & $langcode = (!empty($langcode)) ? explode(";", $langcode) : $langcode;& & & & $langcode = (!empty($langcode['0'])) ? explode(",", $langcode['0']) : $langcode;& & & & $langcode = (!empty($langcode['0'])) ? explode("-", $langcode['0']) : $langcode;& & & & return $langcode['0'];& & }?&Please note, you have to check additional the result! Because the header may be missing or another possible thing, it is malformed. So check the result with a list with languages you support and perhaps you have to load a default language.&?phpif(!in_array($lang, $language_list)) {& & & & & & & & $lang = $language_default; ?&My HTTP_ACCEPT_LANGUAGE string:FF3: de-de,q=0.8,en-q=0.5,q=0.3 IE7: de-chSo, take care of it!
For an hosting that use windows I have used this script to make REQUEST_URI to be correctly setted on IIS&?phpfunction request_URI() {& & if(!isset($_SERVER['REQUEST_URI'])) {& & & & $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'];& & & & if($_SERVER['QUERY_STRING']) {& & & & & & $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];& & & & }& & }& & return $_SERVER['REQUEST_URI'];}$_SERVER['REQUEST_URI'] = request_URI();?&
Use Strict-Transport-Security (STS) to force the use of SSL.&?php$use_sts = TRUE;if ($use_sts && isset($_SERVER['HTTPS']) {& header('Strict-Transport-Security: max-age=500');} elseif ($use_sts && !isset($_SERVER['HTTPS']) {& header('Status-Code: 301');& header('Location: https://'.$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI']);}?&
A word of caution...If you have some PHP code or file that is included from within a web request via Apache + PHP, as well as from a command line script, be very careful to inspect the keys inside of $_SERVER that you intend to use.The keys and values are different, and in fact, it also matters if you are running as your_user, sudo php from your_user, or from root. For example, I just found out that $_SERVER['PWD'] is not available if you run from the command line via sudo (PHP 5.2x, CentOS, YMMV).To make a test, create a file called server.php with the following content:&?phpvar_dump($_SERVER);?&Then from the commandline:your_account/dir #$ php server.php & your_account_server.txtyour_account/dir #$ sudo php server.php & your_account_sudo_server.txtyour_account/dir #$ sudo bashroot/dir #$ php server.php & root_server.txtNow you can diff the output of each of these three files and inspect against what you get when viewing the $_SERVER section of phpinfo() from a web request. You may find the differences to be quite striking, in all, four different ways to run the same PHP file!
About $_SERVER['REQUEST_METHOD']return one of this values :
'GET', 'HEAD', 'POST', 'PUT'.& but can also return :'OPTION'
Maybe you're missing information on $_SERVER['CONTENT_TYPE'] or $_SERVER['CONTENT_LENGTH'] as I did. On POST-requests these are available in addition to those listed above.}
HowTo Install Request-Tracker 3.8 on ubuntu 9.10 and MySQL This Howto will explain how to install request-tracker on a clean Ubuntu 9.10 Server install. It is tested on Ubuntu 9.10 and might work with slight modifications on other versions or Debian
1, $ _SESSION ['PHP_SELF'] - for currently executing script file name 2, $ _SERVER ['SERVER_PROTOCOL'] - request a page name and version of the protocol. For example, &HTTP/1.0&. 3, $ _SERVER ['REQUEST_TIME'] - request start timestamp. Starting
&PHP_SELF& Currently executing script file name, and the document root. For example, in the URL address of the script for the /test.php/foo.bar use $ _SERVER ['PHP_SELF'] will be / test.php / foo.bar this result. __FILE__ Const
PHP programmers often need to use some server some of the information, especially the detailed parameters of the $ _SERVER gathering information to facilitate future use. $_SERVER['PHP_SELF'] # The currently executing script file name, and document r
1. $_SERVER['PHP_SELF'] # The currently executing script file name, and document root Related . 2. $_SERVER['argv'] # Array of arguments passed to the script . 3. $_SERVER['argc'] # Contains command line parameters passed to the number of ( If you ru
$_SERVER['PHP_SELF'] // Currently executing script file name, and document root Related . $_SERVER['argv'] // The parameters passed to the script . $_SERVER['argc'] // Contains the command line passed to the program the number of parameters ( If runn
PHP programmers often need to use some server some of the information, especially the detailed parameters of the $ _SERVER gathering information to facilitate future use. $ _SERVER Code: $ _SERVER ['PHP_SELF'] # currently executing script file name,
$ _SERVER ['PHP_SELF'] # currently executing script file name, and the document root. $ _SERVER ['Argv'] # the parameters passed to the script. $ _SERVER ['Argc'] # contains the command line passed to the program the number of parameters (If you run
php $ _SERVER the wording of the current complete url 'Http://'. $ _SERVER ['HTTP_HOST'].$_ SERVER [' PHP_SELF'].'?'.$_ SERVER ['QUERY_STRING']; Array ( [DOCUMENT_ROOT] =& /home6/twosixe2/public_html/king [GATEWAY_INTERFACE] =& CGI/1.1 [HTTP_ACCEPT]
Detailed server variable $ _SERVER: 1, $ _SESSION ['PHP_SELF'] - get current file name of the script being executed 2, $ _SERVER ['SERVER_PROTOCOL'] - request a page name and version of the communication protocol. For example, &HTTP/1.0&. 3, $ _
PHP In $_SERVER Detailed Usage $_SERVER['PHP_SELF'] # Currently executing script file name, and document root Related . $_SERVER['argv'] # The parameters passed to the script . $_SERVER['argc'] # Contains the command line passed to the program the nu
dedecms very powerful, but there are always things that can not meet our own needs, which requires us to use in the design template to write programs &dede:php& Zhege tag, there are always inevitably to query, update, modify the database. But not pl
Note: Transfer from the Internet. Manual carefully to learn a bit today on the content of server variables, write a note, posted hope to help beginners. I think red is more common and important, the blue part is added after I debug, easy to understan
About $ _SERVER ['SCRIPT_URL'] the source of the problem Quoted from /houdelei250/blog/item/c2dc8a7ef3f13.html $ _SERVER ['SCRIPT_URL'] is not a standard CGI / SSI environment variables, and only applied in the request p
&?php /** * CURL Impersonation HTTP request tool , * Supports the following features : * 1: Support ssl connection and proxy Proxy connection * 2: Automatic support for cookie * 3: Simple GET / POST routine operation * 4: Support single file upload m
Detailed server variable $ _SERVER: 1, $ _SESSION ['PHP_SELF'] - get current file name of the script being executed 2, $ _SERVER ['SERVER_PROTOCOL'] - request a page name and version of the communication protocol. For example, &HTTP/1.0&. 3, $ _
{$ Smarty} reserved variable from the PHP script does not require the allocation can be accessed directly in the template array type variables, commonly used to access several special template variables. For example, a direct request to access the pa
Expires, Cache-Control, Last-Modified, ETag is RFC 2616 (HTTP/1.1) protocol and in several fields related to web caching. The first two are used to control the cache expiration date, after the Web page used to verify the validity of two. Note that, H
1 related rpm packages installed, so if you are lazy enough, you can directly install-soap.sh install-soap.sh: #! /bin/sh yum install mysql* -y yum install php-mysql -y yum install php php-soap php-pear-SOAP -y pear install -f -o SOAP (2) the establi
这篇文章主要介绍了php中time()与$_SERVER[REQUEST_TIME]用法区别,详细分析了time()与$_SERVER[REQUEST_TIME]的用法,并以实例形式对比总结了二者在获取当前系统时间戳与请求时间戳的区别,需要的朋友可以参考下 本文实例详细讲述了php中time()与$_SERVER[REQUEST_TIME]用法的区别.分享给大家供大家参考.具体分析如下: 简单的说time()与$_SERVER[&REQUEST_TIME&]都是获得时间的,但time返
这篇文章主要介绍了smarty模板中使用get.post.request.cookies.session变量的方法,需要的朋友可以参考下 {$smarty}保留变量不需要从PHP脚本中分配,是可以在模板中直接访问的数组类型变量,通常被用于访问一些特殊的模板变量.例如,直接在模板中访问页面请求变量.获取访问模板时的时间戳.直接访问PHP中的常量.从配置文件中读取变量等. 1.在模板中访问页面请求变量 我 们可以在PHP脚本中,通过超级全局数组$_GET.$_POST.$_REQUEST获取在客户端
这篇文章主要介绍了php几个预定义变量$_SERVER用法,实例总结了服务器端预定义变量$_SERVER的常见用法,需要的朋友可以参考下 本文实例总结了php几个预定义变量$_SERVER的用法.分享给大家供大家参考.具体如下: &?php echo 'documentroot:'.$_SERVER['DOCUMENT_ROOT'].'&br&'; //根目录,在apache的配置文件里定义:httpd.conf 比如:DocumentRoot &D:/work/php_roo
SMARTY模板中如何使用get,post,request,cookies,session,server变量 {$smarty}保留变量不需要从PHP脚本中分配,是可以在模板中直接访问的数组类型变量,通常被用于访问一些特殊的模板变量.例如,直接在模板中访问页面请求变量.获取访问模板时的时间戳.直接访问PHP中的常量.从配置文件中读取变量等. 1.在模板中访问页面请求变量 我 们可以在PHP脚本中,通过超级全局数组$_GET.$_POST.$_REQUEST获取在客户端以不同方法提交给服务器的数据
app.request.server.get('HTTP_X_REQUESTED_WITH') 就是 $_SERVER['HTTP_X_REQUESTED_WITH'] 相关的参数 或者 变量 常量 Symfony\Component\HttpKernel\Kernel Symfony\Component\HttpFoundation\Request Symfony\Component\Security\Core\SecurityContext Symfony\Component\HttpFou
{$smarty}保留变量不需要从PHP脚本中分配,是可以在模板中直接访问的数组类型变量,通常被用于访问一些特殊的模板变量.例如,直接在模板中访问页面请求变量.获取访问模板时的时间戳.直接访问PHP中的常量.从配置文件中读取变量等. 1.在模板中访问页面请求变量 我 们可以在PHP脚本中,通过超级全局数组$_GET.$_POST.$_REQUEST获取在客户端以不同方法提交给服务器的数据,也可以通 过$_COOKIE或$_SESSION在多个脚本之间跟踪变量,或是通过$_ENV和$_SERVER
在开发web程序的时候,有时我们需要得到用户是从什么页面连过来的,这就用到了referer. 它是http协议,所以任何能开发web程序的语言都可以实现,比如jsp中是: request.getHeader(&referer&); php是$_SERVER['HTTP_REFERER'].其他的我就不举例了(其实是不会其他的语言). js的话就是这样做:javascript:document.referrer 那它能干什么用呢?我举两个例子: 1,防止盗连,比如我是个下载软件的网站,在
1: Send ajax request, in the onComplete, if back when the html contains a javascript, then these javascrip and will not be realized, it does not mean not to implement. This problem has troubled me for a long time, behind the hair and then put this kn
1) Rails defines two abstract class: AbstractRequest and AbstractResponse code is not posted, first take a look at Response. 2) is mainly responsible for the specific ctgi_process.rb main interface is responsible for implementation methods of impleme
Cross-site request forgery (ie, CSRF) has been referred to as Web security sector number of loopholes in the &sleeping giant&, and its level of threat which &reputation& will be shown. This article will briefly explain the loopholes, a
/blog/283992 This is from a PragDave's blog Above to learn skills, very useful, very cool! Saying in a Rails site running the above, we can use Linux's top command to monitor the Rails application instances running condition,
At present the majority of domestic micro-Bo (mini blog) are open api HTTP Basic Access Authentication For authentication. Including rice not, sharawadgi askew, and even chat JavaEye. Twitter is now certified to use OAuth way. Is to sum up with ruby
Sometimes the need to invoke it in View now address the relative path, so can be &%= request.protocol %&&%= request.host %&&%= request.port_string %&&%= request.request_uri %& Either &%= request.url%& google keywords 19 Rails
First, create the XMLHttpRequest object, we can then, through its properties and methods of sending and processing of HTTP request, send the request and response dealing with the general steps are as follows: 1, call open () method set the request of
ajax request with a url address, url address if the cache has not changed and there will be direct to the value, the server will then not be requested. This situation will be different in different machines of IE on different ways to resolve the requ
ajax request with a url address, url address if the cache has not changed and there will be direct to the value, the server will then not be requested. This situation will be different in different machines of IE on different ways to resolve the requ
Bpm in a recent project, a form needed to call another remote DWR but in the process of calling a problem, this method has been sometimes called, sometimes less than a call that is asynchronous the relationship between the reques
http://en.wikipedia.org/wiki/Java_Specification_Request Java Community Process From Wikipedia, the free encyclopedia (Redirected from Java Specification Request) Jump to: navigation, search &! - Start content -& The Java Community Process or JCP, es
Version: prototype 1.6.0.3, struts1.2. Front (page introduction prototype.js): 1, prototype-ajax.jsp &%@ page language=&java& pageEncoding=&UTF-8&%& &% String path = request.getContextPath(); String basePath = request.getSchem
&Abhorrent& in ajax sync request For this reason, I wasted several hours. Encountered in the work of such a demand: Must wait for the follow-up after the completion of pre-task to be implemented, otherwise unable to obtain follow-up method to ge
// The use of encapsulation method only need to be concerned about providing HTTP request method, the URL address data, success and failure callback method // Class definition, the main duty is to create a XMLHttpRequest object var MyXMLHttpRequest =
Prospects: 1, regist.jsp &%@ page language=&java& pageEncoding=&UTF-8&%& &% String path = request.getContextPath(); String basePath = request.getScheme() + &://& + request.getServerName() + &:& + request.ge
Request the getContextPath, getServletPath difference
18:34 Request the getContextPath, getServletPath's () difference between [table] [tr] [td] [img] http://p.blog.csdn.net/images/p_blog_csdn_net/zym83215/t.JPG [/ img] Assumes tha
*URL You can change at will */ String uriAPI = &http://192.168.1.100:8080/test/test.jsp?u=wangyi&p=456&; /* Establish HTTP Get object */ HttpGet httpRequest = new HttpGet(uriAPI); try { /* Send a request and waits for the response */ HttpRes
Struts2 handle the request specify the suffix and the constant introduction of Struts.xml can be modified using struts.action.extension constant &constant name=&struts.action.extension& value=&do&/& You can also specify a variety
Struts2 source code analysis - Request Processing /topic/450979
Basic types of arguments used to receive requests (get / post) In the Action class defines the properties of the same name with the request parameters, struts2 could automatically receives request parameters and gives to the properties of the same na
STRUTS2 access to session and the request My usual way: private HttpServletRequest request = ServletActionContext.getRequest (); private HttpSession session = request.getSession (); Otherwise: The struts1, the availability of the system's request or
Https request using httpclient to visit, reported that the following two kinds of errors: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found javax.net.ssl.SSLPeerUnverifiedException: peer not
Commonly used method of forwarding the request A http request will be forwarded to another servlet, JSP, html pages, requires the use of RequestDispatcher right image and HttpServletResponse's sendRedirect () method. There are three ways to get Reque
Copyright (C) , All Rights Reserved.
版权所有 黔ICP备号-1
processed in 0.092 (s). 8 q(s)Keyboard Shortcuts?
Next menu item
Previous menu item
Previous man page
Next man page
Scroll to bottom
Scroll to top
Goto homepage
Goto search(current page)
Focus search box
Change language:
Brazilian Portuguese
Chinese (Simplified)
$HTTP_SERVER_VARS [removed]
$_SERVER -- $HTTP_SERVER_VARS [removed] & Server and execution environment information
Description
$_SERVER is an array containing information
such as headers, paths, and script locations. The entries in this
array are created by the web server. There is no guarantee that
every web server will
servers may omit some,
or provide others not listed here. That said, a large number of
these variables are accounted for in the , so you should
be able to expect those.
Prior to PHP 5.4.0, $HTTP_SERVER_VARS contained the same initial
information, but was not a .
(Note that $HTTP_SERVER_VARS and $_SERVER
were different variables and that PHP handled them as such.)
You may or may not find any of the following elements in
$_SERVER. Note that few, if any, of these will be
available (or indeed have any meaning) if running PHP on the
'PHP_SELF'
The filename of the currently executing script, relative to
the document root. For instance,
$_SERVER['PHP_SELF'] in a script at the
address /foo/bar.php
would be /foo/bar.php.
constant contains the full path and filename of the current (i.e.
included) file.
If PHP is running as a command-line processor this variable contains
the script name since PHP 4.3.0. Previously it was not available.
''
Array of arguments passed to the script. When the script is
run on the command line, this gives C-style access to the
command line parameters. When called via the GET method, this
will contain the query string.
''
Contains the number of command line parameters passed to the
script (if run on the command line).
'GATEWAY_INTERFACE'
What revision of the CGI specification
i.e. 'CGI/1.1'.
'SERVER_ADDR'
The IP address of the server under which the current script is
executing.
'SERVER_NAME'
The name of the server host under which the current script is
executing. If the script is running on a virtual host, this
will be the value defined for that virtual host.
'SERVER_SOFTWARE'
Server identification string, given in the headers when
responding to requests.
'SERVER_PROTOCOL'
Name and revision of the information protocol via which the
i.e. 'HTTP/1.0';
'REQUEST_METHOD'
Which request method was use i.e. 'GET',
'HEAD', 'POST', 'PUT'.
PHP script is terminated after sending headers (it means after
producing any output without output buffering) if the request method
'REQUEST_TIME'
The timestamp of the start of the request. Available since PHP 5.1.0.
'REQUEST_TIME_FLOAT'
The timestamp of the start of the request, with microsecond precision.
Available since PHP 5.4.0.
'QUERY_STRING'
The query string, if any, via which the page was accessed.
'DOCUMENT_ROOT'
The document root directory under which the current script is
executing, as defined in the server's configuration file.
'HTTP_ACCEPT'
Contents of the Accept: header from the
current request, if there is one.
'HTTP_ACCEPT_CHARSET'
Contents of the Accept-Charset: header
from the current request, if there is one. Example:
'iso-8859-1,*,utf-8'.
'HTTP_ACCEPT_ENCODING'
Contents of the Accept-Encoding: header
from the current request, if there is one. Example: 'gzip'.
'HTTP_ACCEPT_LANGUAGE'
Contents of the Accept-Language: header
from the current request, if there is one. Example: 'en'.
'HTTP_CONNECTION'
Contents of the Connection: header from
the current request, if there is one. Example: 'Keep-Alive'.
'HTTP_HOST'
Contents of the Host: header from the
current request, if there is one.
'HTTP_REFERER'
The address of the page (if any) which referred the user
agent to the current page. This is set by the user agent. Not
all user agents will set this, and some provide the ability
to modify HTTP_REFERER as a feature. In
short, it cannot really be trusted.
'HTTP_USER_AGENT'
Contents of the User-Agent: header from
the current request, if there is one. This is a string
denoting the user agent being which is accessing the page. A
typical example is: Mozilla/4.5 [en] (X11; U;
Linux 2.2.9 i586). Among other things, you
can use this value with
tailor your page's output to the capabilities of the user
'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS
Note that when using ISAPI with IIS, the value will be
off if the request was not made through the HTTPS
'REMOTE_ADDR'
The IP address from which the user is viewing the current
'REMOTE_HOST'
The Host name from which the user is viewing the current
The reverse dns lookup is based off the
REMOTE_ADDR of the user.
Your web server must be configured to create this variable. For
example in Apache you'll need HostnameLookups On
inside httpd.conf for it to exist.
'REMOTE_PORT'
The port being used on the user's machine to communicate with
the web server.
'REMOTE_USER'
The authenticated user.
'REDIRECT_REMOTE_USER'
The authenticated user if the request is internally redirected.
'SCRIPT_FILENAME'
The absolute pathname of the currently executing script.
If a script is executed with the CLI, as a relative path,
such as file.php or
../file.php,
$_SERVER['SCRIPT_FILENAME'] will
contain the relative path specified by the user.
'SERVER_ADMIN'
The value given to the SERVER_ADMIN (for Apache) directive in
the web server configuration file. If the script is running
on a virtual host, this will be the value defined for that
virtual host.
'SERVER_PORT'
The port on the server machine being used by the web server
for communication. For default setups, this will be '80';
using SSL, for instance, will change this to whatever your
defined secure HTTP port is.
Under the Apache 2, you must set UseCanonicalName = On,
as well as UseCanonicalPhysicalPort = On in order to
get the physical (real) port, otherwise, this value can be spoofed and it
may or may not return the physical port value.
It is not safe to rely on this value in security-dependent contexts.
'SERVER_SIGNATURE'
String containing the server version and virtual host name
which are added to server-generated pages, if enabled.
'PATH_TRANSLATED'
Filesystem- (not document root-) based path to the current
script, after the server has done any virtual-to-real
As of PHP 4.3.2, PATH_TRANSLATED is no longer set
implicitly under the Apache 2 SAPI in contrast
to the situation in Apache 1, where it's set to the same value as
the SCRIPT_FILENAME server variable when it's not
populated by Apache.
This change was made to comply with the
CGI specification that
PATH_TRANSLATED should only exist if
PATH_INFO is defined.
Apache 2 users may use AcceptPathInfo = On inside
httpd.conf to define PATH_INFO.
'SCRIPT_NAME'
Contains the current script's path. This is useful for pages
which need to point to themselves.
constant contains the full path and filename of the current (i.e.
included) file.
'REQUEST_URI'
The URI which was given in order for
instance, '/index.html'.
'PHP_AUTH_DIGEST'
When doing Digest HTTP authentication this variable is set
to the 'Authorization' header sent by the client (which you
should then use to make the appropriate validation).
'PHP_AUTH_USER'
When doing HTTP authentication this variable is set to the
username provided by the user.
'PHP_AUTH_PW'
When doing HTTP authentication this variable is set to the
password provided by the user.
'AUTH_TYPE'
When doing HTTP authenticated this variable is set to the
authentication type.
'PATH_INFO'
Contains any client-provided pathname information trailing the
actual script filename but preceding the query string, if
available. For instance, if the current script was accessed via
URL /php/path_info.php/some/stuff?foo=bar,
then $_SERVER['PATH_INFO'] would
contain /some/stuff.
'ORIG_PATH_INFO'
Original version of 'PATH_INFO' before processed by
Example #1 $_SERVER example
&?phpecho&$_SERVER['SERVER_NAME'];?&
The above example will output
something similar to:
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $ to access it within functions or methods.
Just a PHP file to put on your local server (as I don't have enough memory)
$indicesServer = array('PHP_SELF',
'argv',
'argc',
'GATEWAY_INTERFACE',
'SERVER_ADDR',
'SERVER_NAME',
'SERVER_SOFTWARE',
'SERVER_PROTOCOL',
'REQUEST_METHOD',
'REQUEST_TIME',
'REQUEST_TIME_FLOAT',
'QUERY_STRING',
'DOCUMENT_ROOT',
'HTTP_ACCEPT',
'HTTP_ACCEPT_CHARSET',
'HTTP_ACCEPT_ENCODING',
'HTTP_ACCEPT_LANGUAGE',
'HTTP_CONNECTION',
'HTTP_HOST',
'HTTP_REFERER',
'HTTP_USER_AGENT',
'HTTPS',
'REMOTE_ADDR',
'REMOTE_HOST',
'REMOTE_PORT',
'REMOTE_USER',
'REDIRECT_REMOTE_USER',
'SCRIPT_FILENAME',
'SERVER_ADMIN',
'SERVER_PORT',
'SERVER_SIGNATURE',
'PATH_TRANSLATED',
'SCRIPT_NAME',
'REQUEST_URI',
'PHP_AUTH_DIGEST',
'PHP_AUTH_USER',
'PHP_AUTH_PW',
'AUTH_TYPE',
'PATH_INFO',
'ORIG_PATH_INFO') ;
echo '&table cellpadding="10"&' ;
foreach ($indicesServer as $arg) {
& & if (isset($_SERVER[$arg])) {
& & & & echo '&tr&&td&'.$arg.'&/td&&td&' . $_SERVER[$arg] . '&/td&&/tr&' ;
& & }
& & else {
& & & & echo '&tr&&td&'.$arg.'&/td&&td&-&/td&&/tr&' ;
& & }
}
echo '&/table&' ;
*;q=0.8
HTTP_ACCEPT_CHARSET& & ISO-8859-1,utf-8;q=0.7,*;q=0.3
HTTP_ACCEPT_ENCODING& & gzip,deflate,sdch
HTTP_ACCEPT_LANGUAGE& & fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
HTTP_CONNECTION& & keep-alive
HTTP_HOST& & localhost
HTTP_REFERER& & http:HTTP_USER_AGENT& & Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
HTTPS& & -
REMOTE_ADDR& & 127.0.0.1
REMOTE_HOST& & -
REMOTE_PORT& & 65037
REMOTE_USER& & -
REDIRECT_REMOTE_USER& & -
SCRIPT_FILENAME& & E:/web/server_indices.php
SERVER_ADMIN& & myemail@personal.us
SERVER_PORT& & 80
SERVER_SIGNATURE& &
PATH_TRANSLATED& & -
SCRIPT_NAME& & /server_indices.php
REQUEST_URI& & /server_indices.php
PHP_AUTH_DIGEST& & -
PHP_AUTH_USER& & -
PHP_AUTH_PW& & -
AUTH_TYPE& & -
PATH_INFO& & -
ORIG_PATH_INFO& & -
1. All elements of the $_SERVER array whose keys begin with 'HTTP_' come from HTTP request headers and are not to be trusted.2. All HTTP headers sent to the script are made available through the $_SERVER array, with names prefixed by 'HTTP_'.3. $_SERVER['PHP_SELF'] is dangerous if misused. If login.php/nearly_arbitrary_string is requested, $_SERVER['PHP_SELF'] will contain not just login.php, but the entire login.php/nearly_arbitrary_string. If you've printed $_SERVER['PHP_SELF'] as the value of the action attribute of your form tag without performing HTML encoding, an attacker can perform XSS attacks by offering users a link to your site such as this:&a href='"&&script type="text/javascript"&...&/script&&span a="'&&/a&The javascript block would define an event handler function and bind it to the form's submit event. This event handler would load via an &img& tag an external file, with the submitted username and password as parameters.Use $_SERVER['SCRIPT_NAME'] instead of $_SERVER['PHP_SELF']. HTML encode every string sent to the browser that should not be interpreted as HTML, unless you are absolutely certain that it cannot contain anything that the browser can interpret as HTML.
I needed to get the full base directory of my script local to my webserver, IIS 7 on Windows 2008.
I ended up using this:
&?php
function GetBasePath() {
& & return substr($_SERVER['SCRIPT_FILENAME'], 0, strlen($_SERVER['SCRIPT_FILENAME']) - strlen(strrchr($_SERVER['SCRIPT_FILENAME'], "\\")));
}
?&
And it returned C:\inetpub\wwwroot\&applicationfolder& as I had hoped.
It's worth noting that $_SERVER variables get created for any HTTP request headers, including those you might invent:If the browser sends an HTTP request header of:X-Debug-Custom: some stringThen:&?php$_SERVER['HTTP_X_DEBUG_CUSTOM']; ?&There are better ways to identify the HTTP request headers sent by the browser, but this is convenient if you know what to expect from, for example, an AJAX script with custom headers.Works in PHP5 on Apache with mod_php.& Don't know if this is true from other environments.
When using the $_SERVER['SERVER_NAME'] variable in an apache virtual host setup with a ServerAlias directive, be sure to check the UseCanonicalName apache directive.& If it is On, this variable will always have the apache ServerName value.& If it is Off, it will have the value given by the headers sent by the browser.Depending on what you want to do the content of this variable, put in On or Off.
If you are serving from behind a proxy server, you will almost certainly save time by looking at what these $_SERVER variables do on your machine behind the proxy.&& $_SERVER['HTTP_X_FORWARDED_FOR'] in place of $_SERVER['REMOTE_ADDR']$_SERVER['HTTP_X_FORWARDED_HOST'] and $_SERVER['HTTP_X_FORWARDED_SERVER'] in place of (at least in our case,) $_SERVER['SERVER_NAME']
An even *more* improved version...&?phpphpinfo(32);?&
&?phpforeach (explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']) as $lang) {& & $pattern = '/^(?P&primarytag&[a-zA-Z]{2,8})'.& & '(?:-(?P&subtag&[a-zA-Z]{2,8}))?(?:(?:;q=)'.& & '(?P&quantifier&\d\.\d))?$/';& & $splits = array();& & printf("Lang:,,%s''\n", $lang);& & if (preg_match($pattern, $lang, $splits)) {& & & & print_r($splits);& & } else {& & & & echo "\nno match\n";& & }}?&example output:Google Chrome 3.0.195.27 Windows xpLang:,,de-DE''Array(& & [0] =& de-DE& & [primarytag] =& de& & [1] =& de& & [subtag] =& DE& & [2] =& DE)Lang:,,q=0.8''Array(& & [0] =&q=0.8& & [primarytag] =& de& & [1] =& de& & [subtag] =& & & [2] =& & & [quantifier] =& 0.8& & [3] =& 0.8)Lang:,,en-US;q=0.6''Array(& & [0] =& en-US;q=0.6& & [primarytag] =& en& & [1] =& en& & [subtag] =& US& & [2] =& US& & [quantifier] =& 0.6& & [3] =& 0.6)Lang:,,q=0.4''Array(& & [0] =&q=0.4& & [primarytag] =& en& & [1] =& en& & [subtag] =& & & [2] =& & & [quantifier] =& 0.4& & [3] =& 0.4)
A table of everything in the $_SERVER array can be found near the bottom of the output of phpinfo();
You have missed 'REDIRECT_STATUS'Very useful if you point all your error pages to the same file.F .htaccess# .htaccess file.ErrorDocument 404 /error-msg.phpErrorDocument 500 /error-msg.phpErrorDocument 400 /error-msg.phpErrorDocument 401 /error-msg.phpErrorDocument 403 /error-msg.php# End of file.F error-msg.php&?php& $HttpStatus = $_SERVER["REDIRECT_STATUS"] ;& if($HttpStatus==200) {print "Document has been processed and sent to you.";}& if($HttpStatus==400) {print "Bad HTTP request ";}& if($HttpStatus==401) {print "Unauthorized - Iinvalid password";}& if($HttpStatus==403) {print "Forbidden";}& if($HttpStatus==500) {print "Internal Server Error";}& if($HttpStatus==418) {print "I'm a teapot! - This is a real value, defined in 1998";}?&
A way to get the absolute path of your page, independent from the site position (so works both on local machine and on server without setting anything) and from the server OS (works both on Unix systems and Windows systems).The only parameter it requires is the folder in which you place this scriptSo, for istance, I'll place this into my SCRIPT folder, and I'll write SCRIPT word length in $conflen&?php$conflen=strlen('SCRIPT');$B=substr(__FILE__,0,strrpos(__FILE__,'/'));$A=substr($_SERVER['DOCUMENT_ROOT'], strrpos($_SERVER['DOCUMENT_ROOT'], $_SERVER['PHP_SELF']));$C=substr($B,strlen($A));$posconf=strlen($C)-$conflen-1;$D=substr($C,1,$posconf);$host=''.$_SERVER['SERVER_NAME'].'/'.$D;?&$host will finally contain the absolute path.
I think the HTTPS element will only be present under Apache 2.x. It's not in the list of "special" variables here:But it is here:
$_SERVER['DOCUMENT_ROOT'] is incredibly useful especially when working in your development environment. If you're working on large projects you'll likely be including a large number of files into your pages. For example:
&?php
define("REGISTRY_CLASSES",& $_SERVER['DOCUMENT_ROOT']."/SOAP/classes/");
& & & & define("REGISTRY_CONTROLS", $_SERVER['DOCUMENT_ROOT']."/SOAP/controls/");
& & & & define("STRING_BUILDER",& && REGISTRY_CLASSES. "stringbuilder.php");
& & & & define("SESSION_MANAGER",& && REGISTRY_CLASSES. "sessionmanager.php");
& & & & define("STANDARD_CONTROLS",& & REGISTRY_CONTROLS."standardcontrols.php");
?&
In development environments, you're rarely working with your root folder, especially if you're running PHP locally on your box and using DOCUMENT_ROOT is a great way to maintain URL conformity. This will save you hours of work preparing your application for deployment from your box to a production server (not to mention save you the headache of include path failures).
If requests to your PHP script send a header "Content-Type" or/ "Content-Length" it will, contrary to regular HTTP headers, not appear in $_SERVER as $_SERVER['HTTP_CONTENT_TYPE']. PHP removes these (per CGI/1.1 specification[1]) from the HTTP_ match group.They are still accessible, but only if the request was a POST request. When it is, it'll be available as:$_SERVER['CONTENT_LENGTH']$_SERVER['CONTENT_TYPE'][1] https://www.ietf.org/rfc/rfc3875
Be warned that most contents of the Server-Array (even $_SERVER['SERVER_NAME']) are provided by the client and can be manipulated. They can also be used for injections and thus MUST be checked and treated like any other user input.
Here's a simple, quick but effective way to block unwanted external visitors to your local server:
&?php
if ($_SERVER['REMOTE_ADDR'] !== '127.0.0.1') die(header("Location: /"));
?&
This will direct all external traffic to your home page. Of course you could send a 404 or other custom error. Best practice is not to stay on the page with a custom error message as you acknowledge that the page does exist. That's why I redirect unwanted calls to (for example) phpmyadmin.
$_SERVER['DOCUMENT_ROOT'] may contain backslashes on windows systems, and of course it may or may not have a trailing slash (backslash).I saw the following as an example of the proper way we're supposed to deal with this issue:&?phpinclude(dirname($_SERVER['DOCUMENT_ROOT']) . DIRECTORY_SEPARATOR . 'file.php');?&Ok, the latter may be used to access a file inside the parent directory of the document root, but actually does not properly address the issue.In the end, don't warry about. It should be safe to use forward slashes and append a trailing slash in all cases.Let's say we have this:&?php$path = 'subdir/file.php';$result = $_SERVER['DOCUMENT_ROOT'] . '/' . $path;?&On linux $result might be something like1) "/var/www/subdir/file.php"2) "/var/www//subdir/file.php"String 2 is parsed the same as string 1 (have a try with command 'cd').On windows $result might be something like1) "C:/apache/htdocs/subdir/file.php"2) "C:/apache/htdocs//subdir/file.php"3) "C:\apache\htdocs/subdir/file.php"4) "C:\apache\htdocs\/subdir/file.php"All those strings are parsed as "C:\apache\htdocs\subdir\file.php" (have a try with 'cd').
Use the apache SetEnv directive to set arbitrary $_SERVER variables in your vhost or apache config.SetEnv varname "variable value"
searched $_SERVER["REDIRECT_URL"] for a while and noted that it is not mentioned in php documentation page itself. look like this is only generated by apache server(not others) and using&& $_SERVER["REQUEST_URI"] will be useful in some cases as mine.
Tech note:$_SERVER['argc'] and $_SERVER['argv'][] has some funny behaviour,used from linux (bash) commandline, when called like "php ./script_name.php 0x020B" there is everything correct, but "./script_name.php 0x020B"is not correct - "0" is passed instead of "0x020B" as $_SERVER['argv'][1] - see the script below.Looks like the parameter is not passed well from bash to PHP.(but, inspected on the level of bash, 0x020B is understood well as $1)try this example:-------------&8------------------cat ./script_name.php#! /usr/bin/phpif( $_SERVER['argc'] == 2)& {& & // funny... we have to do this trick to pass e.g. 0x020B from parameters& & // ignore this: "PHP Notice:& Undefined offset:& 2 in ..."& & $EID = $_SERVER['argv'][1] + $_SERVER['argv'][2] + $_SERVER['argv'][3];& } else&& {& & & & // default& && $EID = 0x0210; // PPS failure&& }
On Windows IIS 7 you must use $_SERVER['LOCAL_ADDR'] rather than $_SERVER['SERVER_ADDR'] to get the server's IP address.
To get an associative array of HTTP request headers formatted similarly to get_headers(), this will do the trick:&?phpfunction get_request_headers() {& & $headers = array();& & foreach($_SERVER as $key =& $value) {& & & & if(strpos($key, 'HTTP_') === 0) {& & & & & & $headers[str_replace(' ', '-', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))))] = $value;& & & & }& & }& & return $headers;}?&
A simple function to detect if the current page address was rewritten by mod_rewrite:
&?php
public function urlWasRewritten() {
& $realScriptName=$_SERVER['SCRIPT_NAME'];
& $virtualScriptName=reset(explode("?", $_SERVER['REQUEST_URI']));
& return !($realScriptName==$virtualScriptName);
}
?&
Proccess path_info&?phpfunction get_path_info(){& & if( ! array_key_exists('PATH_INFO', $_SERVER) )& & {& & & & $pos = strpos($_SERVER['REQUEST_URI'], $_SERVER['QUERY_STRING']);& & & & & & $asd = substr($_SERVER['REQUEST_URI'], 0, $pos - 2);& & & & $asd = substr($asd, strlen($_SERVER['SCRIPT_NAME']) + 1);& & & & & & & & return $asd;& & & & }& & else& & {& & & & return trim($_SERVER['PATH_INFO'], '/');& & }}
Not documented here is the fact that $_SERVER is populated with some pretty useful information when accessing PHP via the shell. ["_SERVER"]=&& array(24) {& & ["MANPATH"]=&& & string(48) "/usr/share/man:/usr/local/share/man:/usr/X11/man"& & ["TERM"]=&& & string(11) "xterm-color"& & ["SHELL"]=&& & string(9) "/bin/bash"& & ["SSH_CLIENT"]=&& & string(20) "127.0.0.1 41242 22"& & ["OLDPWD"]=&& & string(60) "/Library/WebServer/Domains//private"& & ["SSH_TTY"]=&& & string(12) "/dev/ttys000"& & ["USER"]=&& & string(5) "username"& & ["MAIL"]=&& & string(15) "/var/mail/username"& & ["PATH"]=&& & string(57) "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin"& & ["PWD"]=&& & string(56) "/Library/WebServer/Domains//www"& & ["SHLVL"]=&& & string(1) "1"& & ["HOME"]=&& & string(12) "/Users/username"& & ["LOGNAME"]=&& & string(5) "username"& & ["SSH_CONNECTION"]=&& & string(31) "127.0.0.1 .0.1 22"& & ["_"]=&& & string(12) "/usr/bin/php"& & ["__CF_USER_TEXT_ENCODING"]=&& & string(9) "0x1F5:0:0"& & ["PHP_SELF"]=&& & string(10) "Shell.php"& & ["SCRIPT_NAME"]=&& & string(10) "Shell.php"& & ["SCRIPT_FILENAME"]=&& & string(10) "Shell.php"& & ["PATH_TRANSLATED"]=&& & string(10) "Shell.php"& & ["DOCUMENT_ROOT"]=&& & string(0) ""& & ["REQUEST_TIME"]=&& & int()& & ["argv"]=&& & array(1) {& & & [0]=&& & & string(10) "Shell.php"& & }& & ["argc"]=&& & int(1)& }
&?phpfunction relativeURL () {& & $dir = str_replace('\\', '/', __DIR__);& & & & return substr($dir, strlen($_SERVER['DOCUMENT_ROOT']));& & & & }require '../classes/Form.php';new Form()-&drawCaptchaField();& & if (isset($_GET['captcha'])) {& & }class Form {& & public function drawCaptchaField () {& & & & echo '&img src="'.relativeURL().'?captcha" /&';& & }}?&
Don't forget $_SERVER['HTTP_COOKIE']. It contains the raw value of the 'Cookie' header sent by the user agent.
Windows running IIS v6 does not include $_SERVER['SERVER_ADDR']If you need to get the IP addresse, use this instead:&?php$ipAddress = gethostbyname($_SERVER['SERVER_NAME']);?&
I was testing with the $_SERVER variable and some request method, and I found that with apache I can put an arbitrary method.For example, I have an script called "server.php" in my example webpage with the next code:&?phpecho $_SERVER['REQUEST_METHOD'];?&And I made this request:c:\&nc -vv
80 [x.x.x.x] 80 (http) openArbitratyMethod /server.php HTTP/1.1Host: wow.sinfocol.orgConnection: CloseThe response of the server is the next:HTTP/1.1 200 OKDate: Fri, 15 Jan :09 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/htmlArbitratyMethodSo, be carefully when include the $_SERVER['REQUEST_METHOD'] in any script, this kind of "bug" is old and could be dangerous.
All the $_SERVER[''] In php :
echo "PHP_SELF : " . $_SERVER['PHP_SELF'] . "&br /&";
echo "GATEWAY_INTERFACE : " . $_SERVER['GATEWAY_INTERFACE'] . "&br /&";
echo "SERVER_ADDR : " . $_SERVER['SERVER_ADDR'] . "&br /&";
echo "SERVER_NAME : " . $_SERVER['SERVER_NAME'] . "&br /&";
echo "SERVER_SOFTWARE : " . $_SERVER['SERVER_SOFTWARE'] . "&br /&";
echo "SERVER_PROTOCOL : " . $_SERVER['SERVER_PROTOCOL'] . "&br /&";
echo "REQUEST_METHOD : " . $_SERVER['REQUEST_METHOD'] . "&br /&";
echo "REQUEST_TIME : " . $_SERVER['REQUEST_TIME'] . "&br /&";
echo "REQUEST_TIME_FLOAT : " . $_SERVER['REQUEST_TIME_FLOAT'] . "&br /&";
echo "QUERY_STRING : " . $_SERVER['QUERY_STRING'] . "&br /&";
echo "DOCUMENT_ROOT : " . $_SERVER['DOCUMENT_ROOT'] . "&br /&";
echo "HTTP_ACCEPT : " . $_SERVER['HTTP_ACCEPT'] . "&br /&";
echo "HTTP_ACCEPT_CHARSET : " . $_SERVER['HTTP_ACCEPT_CHARSET'] . "&br /&";
echo "HTTP_ACCEPT_ENCODING : " . $_SERVER['HTTP_ACCEPT_ENCODING'] . "&br /&";
echo "HTTP_ACCEPT_LANGUAGE : " . $_SERVER['HTTP_ACCEPT_LANGUAGE'] . "&br /&";
echo "HTTP_CONNECTION : " . $_SERVER['HTTP_CONNECTION'] . "&br /&";
echo "HTTP_HOST : " . $_SERVER['HTTP_HOST'] . "&br /&";
echo "HTTP_REFERER : " . $_SERVER['HTTP_REFERER'] . "&br /&";
echo "HTTP_USER_AGENT : " . $_SERVER['HTTP_USER_AGENT'] . "&br /&";
echo "HTTPS : " . $_SERVER['HTTPS'] . "&br /&";
echo "REMOTE_ADDR : " . $_SERVER['REMOTE_ADDR'] . "&br /&";
echo "REMOTE_HOST : " . $_SERVER['REMOTE_HOST'] . "&br /&";
echo "REMOTE_PORT : " . $_SERVER['REMOTE_PORT'] . "&br /&";
echo "REMOTE_USER : " . $_SERVER['REMOTE_USER'] . "&br /&";
echo "REDIRECT_REMOTE_USER : " . $_SERVER['REDIRECT_REMOTE_USER'] . "&br /&";
echo "SCRIPT_FILENAME : " . $_SERVER['SCRIPT_FILENAME'] . "&br /&";
echo "SERVER_ADMIN : " . $_SERVER['SERVER_ADMIN'] . "&br /&";
echo "SERVER_PORT : " . $_SERVER['SERVER_PORT'] . "&br /&";
echo "SERVER_SIGNATURE : " . $_SERVER['SERVER_SIGNATURE'] . "&br /&";
echo "PATH_TRANSLATED : " . $_SERVER['PATH_TRANSLATED'] . "&br /&";
echo "SCRIPT_NAME : " . $_SERVER['SCRIPT_NAME'] . "&br /&";
echo "REQUEST_URI : " . $_SERVER['REQUEST_URI'] . "&br /&";
echo "PHP_AUTH_DIGEST : " . $_SERVER['PHP_AUTH_DIGEST'] . "&br /&";
echo "PHP_AUTH_USER : " . $_SERVER['PHP_AUTH_USER'] . "&br /&";
echo "PHP_AUTH_PW : " . $_SERVER['PHP_AUTH_PW'] . "&br /&";
echo "AUTH_TYPE : " . $_SERVER['AUTH_TYPE'] . "&br /&";
echo "PATH_INFO : " . $_SERVER['PATH_INFO'] . "&br /&";
echo "ORIG_PATH_INFO : " . $_SERVER['ORIG_PATH_INFO'] . "&br /&";
By : @44it
[EDITOR'S NOTE: Removed external link. EDITED BY: thiago]
Be aware that it's a bad idea to access x-forwarded-for and similar headers through this array. The header names are mangled when populating the array and this mangling can introduce spoofing vulnerabilities.See
for details of a real world exploit of this.
I'm lazy but rigorous:&?phpwhile (list($var,$value) = each ($_SERVER)) {echo $var." Val:".$value."&br /&";}&a href="//php-how-to-print-all-_server-variables/"&Thank you sir!&/a&?&
If you are looking at $_SERVER['HTTP_USER_AGENT'] to determine whether your user is on a mobile device, you may want to visit these resources:
I've used the SplPriorityQueue to determine an HTTP client's preferred MIME types that are in $_SERVER['HTTP_ACCEPT'].&?php$queue = new \SplPriorityQueue();foreach (preg_split('#,\s*#', $_SERVER['HTTP_ACCEPT']) as $accept) {& & $split = preg_split('#;\s*q=#', $accept, 2);& & $queue-&insert($split[0], isset($split[1]) ? (float)$split[1] : 1.0);}foreach ($queue as $mime) {& & echo $mime, PHP_EOL;}?&My browser sends:Accept: text/html,application/xhtml+xml,application/q=0.9,*/*;q=0.8And this script outputs:text/htmlapplication/xhtml+xmlapplication/xml*/*A better example:Accept: text/html, application/xml,text/q=0.4,text/ q=0.9, application/q=0.8And this script outputs:text/htmlapplication/xmltext/plainapplication/jsontext/css
On a few of servers (e.g, Strato AG Germany, shared hosting)& $_SERVER["DOCUMENT_ROOT"] follow symlinks (while so configured by admins)This is a problem while __DIR__ give the realpath.& Try the error with this small script inside of& DOCUMENT_ROOT:&?phpheader('Content-type: text/plain');echo '__DIR__& & & & & & & & & & & & & & : ', __DIR__ , "\n";echo '$_SERVER["DOCUMENT_ROOT"]& & & & & : ', $_SERVER["DOCUMENT_ROOT"] , "\n";echo 'realpath($_SERVER["DOCUMENT_ROOT"]): ', realpath($_SERVER["DOCUMENT_ROOT"]), "\n";if (-1 & strpos(__DIR__, $_SERVER["DOCUMENT_ROOT"]) ) {& & trigger_error('Fatal: '. __FILE__& & & && . ' darf nicht in oder unterhalb von DOCUMENT_ROOT ('& & & && . $_SERVER["DOCUMENT_ROOT"] . ') liegen!', E_USER_ERROR);& &}?&This will never trigger the error!Use better:&?phpheader('Content-type: text/plain');echo '__DIR__& & & & & & & & & & & & & & : ', __DIR__ , "\n";echo '$_SERVER["DOCUMENT_ROOT"]& & & & & : ', $_SERVER["DOCUMENT_ROOT"] , "\n";echo 'realpath($_SERVER["DOCUMENT_ROOT"]): ', realpath($_SERVER["DOCUMENT_ROOT"]), "\n";if (-1 & strpos(__DIR__, $_SERVER["DOCUMENT_ROOT"]) ) {& & trigger_error('Fatal: '. __FILE__& & & && . ' darf nicht in oder unterhalb von DOCUMENT_ROOT ('& & & && . $_SERVER["DOCUMENT_ROOT"] . ') liegen!', E_USER_ERROR);& &}?&
The best way to see all variables within the $_SERVER array, that I have found, is as follows:&?phpforeach($_SERVER as $key =& $value){echo '$_SERVER["'.$key.'"] = '.$value."&br /&";}?&This will tell you which ones are available on your server and what they are set to.
$_SERVER['DOCUMENT_ROOT'] in different environments may has trailing slash or not, so be careful when including files from $_SERVER['DOCUMENT_ROOT']:&?phpinclude(dirname($_SERVER['DOCUMENT_ROOT']) . DIRECTORY_SEPARATOR . 'file.php')?&
Note that, in Apache 2, the server settings will affect the variables available in $_SERVER. For example, if you are using SSL, the following directive will dump SSL-related status information, along with the server certificate and client certificate (if present) into the $_SERVER variables:SSLOptions +StdEnvVars +ExportCertData
Example:$current = $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];echo $will output the root to the current page, including url and document root, something like:/users/profile.php
'HTTPS'& & Set to a non-empty value if the script was queried through the HTTPS protocol. Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol. Does the same for IIS7 running PHP as a Fast-CGI application.
To get the name and web path of the current script&?php$scriptname=end(explode('/',$_SERVER['PHP_SELF']));$scriptpath=str_replace($scriptname,'',$_SERVER['PHP_SELF']);?&
This is a short script to know what values are defined &?php echo "&textarea&";print_r($_SERVER);echo "&/textarea&";?&
HTTPSSet to a non-empty value if the script was queried through the HTTPS protocol.Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.=-=-=To clarify this, the value is the string "off", so a specific non-empty value rather than an empty value as in Apache.
I'm the author of this noteI optimized since that note the path function, basically added detection of windows slashes and a partial optionNow is released on github/sabas/magicpath
REQUEST_URI is useful, but if you want to get just the file name use:&?php$this_page = basename($_SERVER['REQUEST_URI']);if (strpos($this_page, "?") !== false) $this_page = reset(explode("?", $this_page));?&
It makes sense to want to paste the $_SERVER['REQUEST_URI'] on to a page (like on a footer), but be sure to clean it up first with htmlspecialchars() otherwise it poses a cross-site scripting vulnerability.
htmlspecialchars($_SERVER['REQUEST_URI']);
I want to share with you a full function to get the remote IP that calls a PHP url using the $_SERVER array.function getRealIP(){ if( $_SERVER['HTTP_X_FORWARDED_FOR'] != '' ){
$client_ip =
( !empty($_SERVER['REMOTE_ADDR']) ) ?
$_SERVER['REMOTE_ADDR']
( ( !empty($_ENV['REMOTE_ADDR']) ) ?
$_ENV['REMOTE_ADDR']
"unknown" );
$entries = split('[, ]', $_SERVER['HTTP_X_FORWARDED_FOR']);
reset($entries);
while (list(, $entry) = each($entries)){
$entry = trim($entry);
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) ){
$private_ip = array(
'/^127\.0\.0\.1/',
'/^192\.168\..*/',
'/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/',
'/^10\..*/');
$found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
if ($client_ip != $found_ip){
$client_ip = $found_
} } else {
$client_ip =
( !empty($_SERVER['REMOTE_ADDR']) ) ?
$_SERVER['REMOTE_ADDR']
( ( !empty($_ENV['REMOTE_ADDR']) ) ?
$_ENV['REMOTE_ADDR']
"unknown" ); } return $client_}This function was found in
Please note on Windows/IIS - the variable 'USER_AUTH' will return the username/identity of the user accessing the page, i.e. if anonymous access is off, you would normally get back "$domain\$username".
I've updated the function of my previous poster and putted it into my class.&?php& & private function _checkClientLanguage()& & {& & & & & & $langcode = (!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';& & & & $langcode = (!empty($langcode)) ? explode(";", $langcode) : $langcode;& & & & $langcode = (!empty($langcode['0'])) ? explode(",", $langcode['0']) : $langcode;& & & & $langcode = (!empty($langcode['0'])) ? explode("-", $langcode['0']) : $langcode;& & & & return $langcode['0'];& & }?&Please note, you have to check additional the result! Because the header may be missing or another possible thing, it is malformed. So check the result with a list with languages you support and perhaps you have to load a default language.&?phpif(!in_array($lang, $language_list)) {& & & & & & & & $lang = $language_default; ?&My HTTP_ACCEPT_LANGUAGE string:FF3: de-de,q=0.8,en-q=0.5,q=0.3 IE7: de-chSo, take care of it!
For an hosting that use windows I have used this script to make REQUEST_URI to be correctly setted on IIS&?phpfunction request_URI() {& & if(!isset($_SERVER['REQUEST_URI'])) {& & & & $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'];& & & & if($_SERVER['QUERY_STRING']) {& & & & & & $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];& & & & }& & }& & return $_SERVER['REQUEST_URI'];}$_SERVER['REQUEST_URI'] = request_URI();?&
Use Strict-Transport-Security (STS) to force the use of SSL.&?php$use_sts = TRUE;if ($use_sts && isset($_SERVER['HTTPS']) {& header('Strict-Transport-Security: max-age=500');} elseif ($use_sts && !isset($_SERVER['HTTPS']) {& header('Status-Code: 301');& header('Location: https://'.$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI']);}?&
A word of caution...If you have some PHP code or file that is included from within a web request via Apache + PHP, as well as from a command line script, be very careful to inspect the keys inside of $_SERVER that you intend to use.The keys and values are different, and in fact, it also matters if you are running as your_user, sudo php from your_user, or from root. For example, I just found out that $_SERVER['PWD'] is not available if you run from the command line via sudo (PHP 5.2x, CentOS, YMMV).To make a test, create a file called server.php with the following content:&?phpvar_dump($_SERVER);?&Then from the commandline:your_account/dir #$ php server.php & your_account_server.txtyour_account/dir #$ sudo php server.php & your_account_sudo_server.txtyour_account/dir #$ sudo bashroot/dir #$ php server.php & root_server.txtNow you can diff the output of each of these three files and inspect against what you get when viewing the $_SERVER section of phpinfo() from a web request. You may find the differences to be quite striking, in all, four different ways to run the same PHP file!
About $_SERVER['REQUEST_METHOD']return one of this values :
'GET', 'HEAD', 'POST', 'PUT'.& but can also return :'OPTION'
Maybe you're missing information on $_SERVER['CONTENT_TYPE'] or $_SERVER['CONTENT_LENGTH'] as I did. On POST-requests these are available in addition to those listed above.}
我要回帖
更多推荐
- ·如何入侵别人的网站,获取数据获取方式有哪些?
- ·如何怎么进入别人网站管理页面网站后台?
- ·因为比较胖,多 囊 多囊卵巢最快受孕方法不孕吗?
- ·按照西周时的规定,周天子可以享天子用九鼎诸侯用七鼎是什么制度,这种情况反应了什么问题_百度知 ...
- ·库怎么组词?组五笔怎么打出来?
- ·微信加好友到底是怎么回事?收费吗?
- ·为什么苹果六微信视频的时候我这边的头像是黑的
- ·苹果5屏蔽微信红包来了自动提醒群红包怎样设置
- ·15年高考584分能报广工计算机专业么?
- ·固态硬盘
- ·腹黑女vs腹黑男txt百度云
- ·大家帮忙取一下名字公历2008-10-15-21-35男姓王,急改名上一年级,小孩老是生病,想换个
- ·怎么往快调爱普生330打印机
- ·unicode字符集是几位的字符编码表
- ·求助!笔记本无法开机。
- ·三星galaxyj7价格j7 手机开屏振动怎么取消
- ·解封5173卖家找回什么后果是不是买家一句话的事
- ·为什么电脑会出现蓝框中间写着用户名和密码
- ·我是陕西考生超一本线19 分 能上西安邮电大学吗 并且这个学校怎么样 希望大家能给点建议
- ·长春大学与俄罗斯乌斯季诺夫波罗的海国立技术大学合作留学费用大至是多少人民币
- ·php 中 if($addr != $outin or out$addr != $in)这句话错了吗?
- ·supor 苏泊尔电饭煲怎么拆卸
- ·电脑总是死机 画面卡住 鼠标不动该如何办呢?
- ·不灭之魂带的什么绑腿
- ·美洲杯直播哪个节目好看?
- ·姚明打NBA前写给美国老板/教练的一封匿名信
- ·乐视体育直播节目时间表?
- ·蝶泳吉尼斯记录最大年龄是多少?73
- ·武体健身健美属于提前批吗
- ·卓越跆拳道离环卫局家属院最近的是哪一家?
- ·中央电视台学习八段锦
- ·美国女足对英格兰1/4决赛英格兰和加拿大谁输谁赢?
- ·去游泳管里游泳光穿泳裤不带帽子可以吗
- ·湖南城市学院体育教育有没有专修健美操
- ·我12岁,男,153cm,49kg,肚子上有些脂肪,怎么练腹肌???
- ·番禺海边哪里可以游泳
