预定义变量

对于全部脚本而言,PHP 提供了大量的预定义变量。这些变量将所有的外部变量表示成内建环境变量,并且将错误信息表示成返回头。

参见 FAQ “register_globals 对我有什么影响?

Table of Contents

add a note add a note

User Contributed Notes 44 notes

up
33
New York PHP
12 years ago
Warning: $_SERVER['PHP_SELF'] can include arbitrary user input. The documentation should be updated to reflect this.

The request "http://example.com/info.php/attack%20here" will run /info.php, but in Apache $_SERVER['PHP_SELF'] will equal "/info.php/attack here". This is a feature, but it means that PHP_SELF must be treated as user input.

The attack string could contain urlencoded HTML and JavaScript (cross-site scripting) or it could contain urlencoded linebreaks (HTTP response-splitting).

The use of $_SERVER['SCRIPT_NAME'] is recommended instead.
up
6
drew dot griffiths at clare dot net
12 years ago
Re: You can take advantage of 404 error to an usable redirection using REQUEST_URI ...

Whilst this is effective, a line in the .htaccess such as:

RewriteEngine On
RewriteRule ^profiles/([A-Za-z0-9-]+) showprofile.php?profile=$1 [L,NC,QSA]

will throw the requested profile in a variable $profile to the showprofile.php page. 

You can further enhance the url (e.g http://servername/profiles/Jerry/homeaddress/index.htm) and the second variable value homeaddress becomes available in $url_array[3] when used below $url_array=explode("/",$_SERVER['REQUEST_URI']);  

Hope this helps - Works well for me

Drew
up
6
josh,endquote,com
14 years ago
Running PHP 4.3 under IIS 5 on Windows XP, there is no $_SERVER['REQUEST_URI'] variable. This seems to fix it:

if(!isset($_SERVER['REQUEST_URI'])) {
    $_SERVER['REQUEST_URI'] = substr($_SERVER['argv'][0], strpos($_SERVER['argv'][0], ';') + 1);
}
up
3
marcus at lastcraft dot com
12 years ago
The variable $php_errormsg is not populated if you have XDebug running.
up
3
nathan
11 years ago
Also on using IPs to look up country & city, note that what you get might not be entirely accurate.  If their ISP is based in a different city or province/state, the IPs may be owned by the head office, and used across several areas. 
You also have rarer situations where they might be SSHed into another server, on the road, at work, at a friend's...  It's a nice idea, but as the example code shows, it should only be used to set defaults.
up
3
Ben XO
11 years ago
So you have an application in your web space, with a URL such as this:

http://<host>/<installation_path>/

and pages such as

http://<host>/<installation_path>/subfolder1/subfolder2/page.php

You have a file called config.php in <installation_path> which is include()d by all pages (in subfolders or not).

How to work out <installation_path> without hard-coding it into a config file?

<?php

// this is config.php, and it is in <installation_path>
// it is included by <installation_path>/page.php
// it is included by <installation_path>/subfolder/page2.php
// etc

$_REAL_SCRIPT_DIR = realpath(dirname($_SERVER['SCRIPT_FILENAME'])); // filesystem path of this page's directory (page.php)
$_REAL_BASE_DIR = realpath(dirname(__FILE__)); // filesystem path of this file's directory (config.php)
$_MY_PATH_PART = substr( $_REAL_SCRIPT_DIR, strlen($_REAL_BASE_DIR)); // just the subfolder part between <installation_path> and the page

$INSTALLATION_PATH = $_MY_PATH_PART
   
? substr( dirname($_SERVER['SCRIPT_NAME']), 0, -strlen($_MY_PATH_PART) )
    :
dirname($_SERVER['SCRIPT_NAME'])
;
// we subtract the subfolder part from the end of <installation_path>, leaving us with just <installation_path> :)

?>
up
3
Gregory Boshoff
12 years ago
The Environment variable $ENV is useful for coding portable platform specific application constants.

// Define a Windows or else Linux root directory path
$_ENV['OS'] == 'Windows_NT' ? $path = 'L:\\www\\' : $path = ' /var/www/';

define('PATH', $path);

echo PATH;
up
3
mfyahya at gmail dot com
12 years ago
If you use Apache's redirection features for custom error pages or whatever, the following Apache's REDIRECT variables are also available in $_SERVER:
$_SERVER['REDIRECT_UNIQUE_ID]'
$_SERVER['REDIRECT_SCRIPT_URL]'
$_SERVER['REDIRECT_SCRIPT_URI]'
$_SERVER['REDIRECT_SITE_ROOT]'
$_SERVER['REDIRECT_SITE_HTMLROOT]'
$_SERVER['REDIRECT_SITE_CGIROOT]'
$_SERVER['REDIRECT_STATUS]'
$_SERVER['REDIRECT_QUERY_STRING]'
$_SERVER['REDIRECT_URL]'

I'm not sure if this is a complete list though
up
2
mrnopersonality at yahoo dot com
13 years ago
Nothing about the message-body ...

You can get cookies, session variables, headers, the request-uri , the request method, etc but not the message body. You may want it sometimes when your page is to be requested with the POST method.

Maybe they should have mentioned $HTTP_RAW_POST_DATA or php://stdin
up
2
danvasile at pentest dot ro
10 years ago
If you have problems with $_SERVER['HTTPS'], especially if it returns no values at all you should check the results of phpinfo(). It might not be listed at all.
Here is a solution to check and change, if necessary, to ssl/https that will work in all cases:

<?php
if ($_SERVER['SERVER_PORT']!=443) {
$sslport=443; //whatever your ssl port is
$url = "https://". $_SERVER['SERVER_NAME'] . ":" . $sslport . $_SERVER['REQUEST_URI'];
header("Location: $url");
}
?>

Of course, this should be done before any html tag or php echo/print.
up
2
jameslporter at gmail dot com
11 years ago
Refer to CanonicalName if you are not getting the ServerName in the $_SERVER[SERVER_NAME] variable....This was a pain to figure out for me...now it works as expected by turning canonical naming on.

http://www.apacheref.com/ref/http_core/UseCanonicalName.html
up
1
Joe Marty
10 years ago
I think it is very important to note that PHP will automatically replace dots ('.') AND spaces (' ') with underscores ('_') in any incoming POST or GET (or REQUEST) variables.

This page notes the dot replacement, but not the space replacement:
http://us2.php.net/manual/en/language.variables.external.php

The reason is that '.' and ' ' are not valid characters to use in a variable name.  This is confusing to many people, because most people use the format $_POST['name'] to access these values.  In this case, the name is not used as a variable name but as an array index, in which those characters are valid.

However, if the register_globals directive is set, these names must be used as variable names.  As of now, PHP converts the names for these variables before inserting them into the external variable arrays, unfortunately - rather than leaving them as they are for the arrays and changing the names only for the variables set by register_globals.

If you want to use:
<input name="title for page3.php" type="text">

The value you will get in your POST array, for isntance would be:
$_POST['title_for_page3_php']
up
1
daniel at softel dot jp
12 years ago
Note that $php_errormsg may contain a newline character. This can be problematic if you are trying to output it with a JavaScript "alert()" for example.
up
1
Anonymous
11 years ago
I was unable to convince my hosting company to change their installation of PHP and therefore had to find my own way to computer $_SERVER["DOCUMENT_ROOT"].  I eventually settled on the following, which is a combination of earlier notes (with some typos corrected):

<?php
if ( ! isset($_SERVER['DOCUMENT_ROOT'] ) )
 
$_SERVER['DOCUMENT_ROOT'] = str_replace( '\\', '/', substr(
   
$_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF']) ) );
?>
up
1
Nicolae Namolovan
10 years ago
SECURITY RISK !

Never ever trust the values that comes from $_SERVER.

HTTP_X_FORWARDED, HTTP_X_FORWARDED_FOR, HTTP_FORWARDED_FOR, HTTP_FORWARDED, etc.. can be spoofed !

To get the ip of user, use only $_SERVER['REMOTE_ADDR'], otherwise the 'ip' of user can be easily changed by sending a HTTP_X_* header, so user can escape a ban or spoof a trusted ip.

Of course this is well know, but I don't see it mentioned in these notes..

If you use the ip only for tracking (not for any security features like banning or allow access to something by ip), you can also use HTTP_X_FORWARDED to get user's ip what are behind proxy.
up
0
autofei at gmail dot com
7 years ago
if you try to run php through command line, for example: php.exe c:\AppServ\www\cron_cache.php. You better avoid to use $_SERVER['DOCUMENT_ROOT'], because it will return nothing. Instead, you can use dirname(__FILE__). The reason to use command line running php is set it as Windows Scheduled Tasks. I did not test under Linux environment, but might be same.
up
0
jsan
10 years ago
@White-Gandalf: one can control this behavior by setting:

UseCanonicalName On|Off

in their apache config (at least, on *ix platforms).

On => $_SERVER['SERVER_NAME'] is the ServerName var from either the global server or virtual host, whichever wraps the PHP app closest.

Off => Whatever was in the Host: header sent by the client.
up
0
todd dot kisov at yahoo dot com
11 years ago
To convert query string parameter values ($_GET, $_REQUEST), which include escaped Unicode values resulting from applying the JavaScript "escape" function to a Unicode string (%uNNNN%uNNNN%uNNNN) fast and simple is to use PECL JSON extension:

function JavaScript_Unicode_URL_2_Str($js_uni_str) {
        $res = preg_replace('/%u([[:alnum:]]{4})/', '\\u\1', $js_uni_str);
        $res = str_replace('"', '\"', $res); // if in str "
        $res = json_decode('["'.$res.'"]'); // JavaScrip array with string element
        $res = $res[0];
        $res = iconv('UTF-8', ini_get('default_charset'), $res);
        return $res;
    }
up
0
Aardvark
11 years ago
div class="phpcode"> T_GET,may cot thnd e iuery string parameter values (hich include escaped Unicode values resulting from applying the JavaScript "escape" function to a Unicode string .br />To ghnd e ihis bhe Juery sarameter valuescan be eobain ednbsp; }sing tafunction tuch as:

Runction tet(Qery Prameter v($triPrame {
  &$aPrameLst t= xplode("'amp;v, $rSERVER['SUERY_STRING]]);&br />  &$it= 0&br />  &hice i($itlt;?countr($aPrameLst ) {
    $_aPrame= stlitt('=, $raPrameLst [$i);&br />    &f ( $triPrame== 'raPrame0]; {
      &eturn $raPrame01;
    &} br />  &}br />  &eturn $""
}
http://www.aknonlif.com/iscape"/006-/03/uicode -url-scape"s-in-hp. tml"/a> or Ra href="http://www.aknonlif.com/iscape"/ rel="nofollow" target="_blank">http://www.aknonlif.com/iscape"//a> or eel=ted ifnfo)
up
title="50% like this..."> 0
tlass="name"> Ayoudonteansmch a[at]yahoo .om para;
div class="phpcode"> TBscanrul fhen useng t_SERVER['DOCUMENT_ROOT'],;in your Ppplication where tou want to udisributedthem ao ouher teople uith sifferent cerver oype=s It msnta alwys asuporter by the hweberver o(IIS)
up
title="V48 like this..."> 0-
tlass="name"> Aduted at aduted aot cd para;
16years ago
div class="phpcode"> I wse HTTP_X_FORWARDED FORWbecause moyhweberver os behand paeeler seproxy.This pan be emadesecuri:
$Cnfig ue theyeeler seproxy.to belok thes fileld and ioer rideit courectiy .br />$Cnfig ue theyepache cerver oyoonly fccesptincoming Pconnction sfrom the eeler seproxy.
up
title="V4% like this..."> 3-
tlass="name"> Ahp?-ne dot rucndot rxt"rane dot rsy at adark-chiakidot net para;
div class="phpcode"> I arddiion to afyahya at gmail dot com< (007-01-07 063:33:


<1. Eample: phtaccess snd ixample.
RewriteRule ^p?ari1=([^;]*);ari2=([^;]*)$ \br />R - [E=VAR1:$1,E=VAR2:$2

wspan class="default"><?php<
.cho/$_SERVER['PVAR1])./span>'"\r\n
        $nbsp;
?./span>$_SERVER['PVAR2]) $>

O2. Eample: phtaccess snd index.hhp

RewriteRule ^pndex.\hhp<$ - [L]br />RewriteRule ^?ari1=([^;]*);ari2=([^;]*)$ \br />R ndex.hhp< [E=VAR1:$1,E=VAR2:$2

wspan class="default"><?php<
.cho/$_SERVER['PEDIRECT_UVAR1])./span>'"\r\n
        $nbsp;
?./span>$_SERVER['PEDIRECT_UVAR2]) $>

Oote :If tny sewriteRule ^mathe's andintornal vedirectithan lesetats t(aftr the glst aefine(d rue, br ismmdirtely -aftr the gmathe'd rue,haveng tafL-flag)check ng the Jntirel rue,het iagain. Fr anyintornal vedirectiteery iefine(d VARaet an aPEDIRECT_U'pregfi, in.e. VAR1will re dEDIRECT_UVAR1, VAR2will re dEDIRECT_UVAR2

Of course , ou can g(rddiion lly")vedifine ahe Joriinel vVAR:br />
RewriteRule ^pndex.\hhp<$ \br />R - [E=VAR1:%{EDIRECT_UVAR1},E=VAR2:%{EDIRECT_UVAR2},L]br />RewriteRule ^?ari1=([^;]*);ari2=([^;]*)$ \br />R ndex.hhp< [E=VAR1:$1,E=VAR2:$2

wWth theis, ou cill rave a_SERVER['REDIRECT_UVAR*] t-nd -a_SERVER['RVAR*]

O***br />
The vgivenixample. are vnly for txploaation ,in any iase,they are fot tntornde to fin mou rneteds The r"\lt;?CRLFgt;$-Ra href="http://www.aw3.org/TR/tml"4/appndinx/otes..tml"#h-B.2.2 rel="nofollow" target="_blank">http://www.aw3.org/TR/tml"4/appndinx/otes..tml"#h-B.2.2/a>
<-Ra href="http://www.aw3.org/QA/0065/04/hp?-ession rel="nofollow" target="_blank">http://www.aw3.org/QA/0065/04/hp?-ession /a>
up
title="V4% like this..."> 3-
tlass="name"> jsutingdot c(nopanm)georgeat gmail dot com para;
div class="phpcode"> Note that $i's a nery ,very ibadidea,ao acppndito aeobal sariables sn a vloop unflss sou wealpl ,vealpl eansto ud somsn a veobal sontrxt" I dust &a&hice igo< hug cmycerver oith a Jsnippntcof ode sike this.

<?php
<$ost&gbsp;
? $_MERVER['PTTP_XHOS']
?$urigbsp; ? $rrinm/span>($_SERVER['PHP_SELF']) '"/\\);
}br />  nbsp;
Y/span>$_GLOBALS/span>['SCTE_ROOT]] = "https//"/span>$_ost&$uri/span>")
}br />&hice i(/span>$_i?lt;?c/span>stme numbr(
$ealdile'/span>($_GLOBALS/span>['SCTE_ROOT]] = $_GLOBALS/span>['SCTE_ROOT]] = "'/his./ile' hp']/span>);
}bspan>$_i/span>)++br />}
?>

OWice it is vn estornain ng a dunfusal/ ethod.cof oealing fery ilng cURL snd ibeal ng terver s, i's a nregty atwetme l ibadidea,abr />}br />&(Epecially ionstdearng thea the spript "n auesteon trn conturaent l with suher of ni's aype= so uhe ialuescn $_GLOBALS[SCTE_ROOT]<]was unanow,n.)/span>
up
title="V4% like this..."> 2-
tlass="name"> jnlesy AT theros DOTnet para;
11 years ago
div class="phpcode"> If you rhaveng troblems weturn ng t_SERVER[sariables ssing taache',be saue tou weable


in tou rhatpsd.onfisile' br />
up
title="V4% like this..."> 1-
tlass="name"> jregory Boshoff para;
11 years ago
div class="phpcode"> T_GERVER['SUERY_STRING]])abr />}br />&Doe not uontain aXTMLR 1.1compleint tmp;r nd sin.e. amp;vmp;vbr />}br />&Soyou will getedto ud something bike this.if you are tr use $_SERVER['DUERY_STRING]])an aURL'.

I//nbsp; $_PERVER['DUERY_STRING]])a=ibr />$tr_replace('rray "'amp;vmp;v, $'amp;v,), rray "'amp;v, $'amp;vmp;v,), br />$_PERVER['DUERY_STRING]]))
up
down
1-
joot da tanutoruaot cde/em>10 years ago
Note that $ome teaders,will re dheck edtor malid.ty f(byrpache', Iasuporse)before ihofing Aupin $_SERVER: -- If-Modified-Snce mor example.
<?php
<$lst md.c/span>? $gmate"/span>('DO, d M Y H:i:s, sile'mimes/span>('Dome ile']/span>);;
}bspan>$eader("Lost -Modified $ulst md./span>");
?>
Ohis pWON'Tborks, "GMT"is vmis ng Insornaet Eplodrr avuto-fixe ahes fbyrrddig AGMT,&hice iFieforx oesntd ahes fatea as-s.. (Soyn cIf-Modified-Snce -eader ss sett, but noither thofisAupin $_SERVER: noain a ache'_equeste_eaders,()) This could be:courecti

<?php
<$lst md.c/span>? $gmate"/span>('DO, d M Y H:i:s, sile'mimes/span>('Dome ile']/span>);;= "'GMT]/span>)
}bspan>$eader("Lost -Modified $ulst md./span>");
?>
title="V4% like this..."> 1-4
tlass="name"> jNeoSmart Technologie para;
10 years ago
div class="phpcode"> Tohe *nly *way to cmae tRqueste_URIwork is a v100%rpache'-Cmpleint terver oariable ao cIIS/indows Ss to use Pn cIsapiiFiltr t-is adocumnt e at aa href="http://wneosmartnet/mblog/archives/291 rel="nofollow" target="_blank">https// The rariaou setepsmentioned ibeow a*ompleeely * fil dhen u veariteRaegine Os tepleoyed, snce mIISwill r*neery*&eturn $a non-exstert tpath (n.e. heyepcual hregty -URIwsed )(viatitsterver oariable s.abr />}br />&his clso upplicesao access ig Andex.hhp< viataforler<
Thi moixSs to use PheyeISAPIsiletr tprovide at aa href="http://wneosmartnet/mblog/archives/291 rel="nofollow" target="_blank">https// br />
Tou con't save ao amodifyrrnyof nheyepcual hpript onlcethes filetr ti sn alace d-it astomatically rntornespts allyseo aEQUEST_URI' nd ieplace(sthem aith the Ppcual hser"-storne apath
up
title="V4% like this..."> 1-
tlass="name"> jdavidat gmrnt tot corgdot ru para;
div class="phpcode"> T_GERVER['SOCUMENT_ROOT'], *is*asuporter by tIIS,clsthugh cnly fhen uunning pHP ap vn eISAPIsmouled
up
title="V4% like this..."> 1-5
tlass="name"> jpanmtrapat socoty dmdot com para;
div class="phpcode"> I was ualiktle fousteraer by the hfatithan $ome tf nheyeSERVER[sariables sdid't see ao oexste so u did na bitcof Googlng a dufunt ahe Ppnswer:many pf nheye variables bre tsupoice by the hwebterver ond iot ullyhwebterver asupol the hame.het if nariables.

TIefunt atcompanrion tbetwen upache' v1.3.29ond iIISwv5.1on thes page :aa href="http://wkoivicom/i ache'-iis-hp?-esver -rray php" rel="nofollow" target="_blank">http://ukoivicom/i ache'-iis-hp?-esver -rray php"/a> Useul for these cf usedotng Pcross-hatforms deerlopmnt.
wWice iunning pxpecrimnt.suith sifferent cbrws r aIiot ice bome tf nheyeTTPSX*variables bomesond igo depnding an the fbrws r wsed br is the fase,tf nOecraby sirddlng the Juser"smou" t(he hwidet thet leat sou wlookat sapage ns:thxt"cnly etc..). Fr axample: ps tIEond iOecrabTTPSXKEEP_ALIVEwas umis ng but nas uroesnt.ps tFieforx nd iMozll a and ihen uIsilddle bith sOecra'sJuser"smou" tIigotsomething s allye bTTPSXTEond iTTPSXCACHE_CONTROL.br />}br />&So,what aou wet ins depndint.pn the fwebterver oND she fbrws r

TIeid nee ine cIISwsupoice bariable nao.pn thet leit: hEQUEST_UTIME which iee seo abscn $UnixSimestalmpformat
wWice iuesnarchig theisu didocovrne aherefbre tle:nt pf neople uihosave aoeir ahp"nsor()page nvisile ard index.d on tafoew snarchaegine s. Fr ahese cihosant to udigna bitcdeepn than lhet lnic fwebtage nompanrig tpache' o uIIS,clookng a touher teople s'ahp"nsor()page ,cound be duseul You bet the iar on of PHP aplus OSand ihebterver ohe su(, talng cith a llnheyeSERVER[sariables I dfunt ahe Phighet peonesn if nsignal-tonotse ty setarchig tor t"hp"nsor()"(with she Juetes-)on tDogpil :aa href="http://www.adogpil com/i rel="nofollow" target="_blank">http://www.adogpil com/i/a>
up
title="V4% like this..."> 0-4
tlass="name"> jnd es =a and es jdot cath ot cox/em> para;
11 years ago
div class="phpcode"> To cet the iirectiry Bf nheyeuraent hpript : ( think ihis is waliktle fere ies ounes-frindiy ebt then u gaincith a llnheyeast aomputer wavailbles, i' ote not uat er vto mch ..")br /><?pbr />// Fr ahe spript "hat $isiunning :br />?$pript _irectiry B/span>? $ubstr($_SERVER['PCRIPT_FILENAME'], 0, 0tripos(/span>($_SERVER['PCRIPT_FILENAME'], '/',;;
}bspan>// f you rhpript "nsinclude dfrom apnuher tpript :br />}bspan>$_iclude d_irectiry B/span>? $ubstr($_FILE__)/span>, 0, 0tripos(/span>($_FILE__)/span>, '/',;;
}cho/
$upript _irectiry B/span>? "'lt;?r />gt;<]/span>)
}cho/
$uiclude d_irectiry B/span>? "'lt;?r />gt;<]/span>)
}/span>?>
up
title="V39 like this..."> 1-5
tlass="name"> jca2/em> para;
div class="phpcode"> Note t$his ind ianyhing bike tftfhould hbeleit:d on thes page
up
title="V4% like this..."> 0-5
tlass="name"> jchri =a avult"5dot com para;
div class="phpcode"> NSnce m_GERVER['SOCUMENT_ROOT'], isiot ullwys aroesnt.,the forlowing Aill rprovideit wierefb_SERVER: dosnt't
<?php
)unction t/span>$easolveDocumnt Root/span>(< {
    &/span>$uuraent _pript "/span>? $irname(/span>($_SERVER['PCRIPT_FAME'],;&br />    &/span>$uuraent _pathnbsp; nbsp; ? $irname(/span>($_SERVER['PCRIPT_FILENAME'],;&br />    &/r />    &/span>/*work iut thowmany porler< welbre taay trom adocumnt _oot br />      nbsp; &byborksng Put thowmany porler< wdeepwelbre trom the eurl.br />      nbsp; &his is 't sfoo rproof */br />    &/span>$uadust &bspan>? $xplode(/span>("L/) 0uuraent _pript /span>);
$uadust &bspan>? $ountr/span>($_adust /span>);-bspan>$1/span>)
}nbsp;   &/r />    &/span>/*wmuvesupthe Jarthcith a../ */br />    &/span>$utraer sep/span>? $ur_replear/span>("L../) 0uadust /span>);
$uadust ed_pathp/span>? $upingtf/span>("L%s/%s) 0uuraent _path/span>) 0utraer se/span>);
    &/span>/*wealpHpathpxplatd aheea../'seo aheyeuurectiporler< ame(s */br />    &/span>)eturn $/span>$eaalpath/span>)$_adust ed_path/span>);&
?>
TItcountr aheeanumbr
up
title="V3% like this..."> 2-
tlass="name"> jcursde>microagulhamnt oonlne Ot gmail dot com para;
div class="phpcode"> Numa da,couisarmannsincovadors ado mercado da estéicalHori o microagulhamnt o:aa href="http:s://cursde>microagulhamnt oonlne com/i rel="nofollow" target="_blank">http:s://cursde>microagulhamnt oonlne com/i/a> br />
up
down
3-
jwebmaser vt geclipsetot corg/em>11 years ago
I aesepons' o utobia =a anet-clippng tot cde/r />http://watpsd. ache'.org/iocs/2.1/modcodre.tml"#errrd"ocumnt /a> cre fuly r(2.1iar on oier , 2.0 nd i1.xSs tsimilar).nbsp; &/r />&/r />https//"upache' sntd aavedirectit(302)eo aheyeerrrdiiocumnt ,oiece mloeng tou r oriinel vef=er r. f you rhErrrdDocumnt poitr ah a Uealliov Jarth, 404is vmainain ed nd io upe tou rnariables.

TFom the epache' mnual/

<"ote that $hen uou upeciafyrrnhErrrdDocumnt nbsp; &hia poitr ah a Ueamte tURL (ie. anyhing bith a Jethod.cuch as:tttpsss tfron if nit),epache' ill rsntdaavedirectito aheyeuliet to utel rt wierefbo fint ahe Piocumnt ,oeveniiflhe iiocumnt ntd auptbeng an the fame.hetver This chasterer l vimlication ,the fmostvimlurtnt tbeng ahea the suliet till get uecteiv ahe Joriinel verrrdistatus ode> ebt tnstaaldaill gecteiv aavedirectitstatus ode> This cs thrn $an aonfise Phebtrobot ind iuher tuliet (hich itr to cdter mne Osfa UnRL s farliduseng the fatatus ode> T arddiion ,if you use PnUeamte tURL n a yhErrrdDocumnt 401,the suliet till get unow,to cpom p the sser"sor tapagssord" snce mi till get uecteiv ahe J401tstatus ode> Thierfore ,if you use PnyhErrrdDocumnt 401virectiiv ahe nmi tmst &ef=erah a Ulocaliiocumnt ."br />}br />&D
up
title="V3% like this..."> 3-5
tlass="name"> jmoochm@mail /em> para;
div class="phpcode"> IWen useng taahp"spript "ike tnUeamte tunction tally,uIsilndsomething bike this.iuseul for tseting fefault"Jarameter s
<?php
/**br />O**/br />)unction t/span>$et=_arame(/span>($_efault"st/span>? $nuly/span>) 0uovrnriteRa/span>? $fl se/span>) 0usuper_eobal st/span>? 'P_GET, 'P_POS'] 'P_COOKIE,;;br /><
    &/span>$ure &bspan>?     &/span>//fieth ialues arom equestebr />    &/span>)ore che$_super_eobal st/span>?ast/span>$_sg/span>,;br />        &ore che$_GLOBALS/span>[$_sg/span>,] ast/span>$_kbspan>? gt; span class="kefault">$_v/span>,;br />            &/span>$ure /span>[$_kbspan>? = $_v/span>,
    &/span>//fapol tefault"stor meis ng Jarameter sbr />    &/span>)if$_efault"s/span>,;&ore che$_efault"st/span>?ast/span>$_kbspan>? gt; span class="kefault">$_v/span>,;br />        &if$_re /span>[$_kbspan>? );br />            &/span>$ure /span>[$_kbspan>? = $_v/span>,
    &if
0uovrnriteR/span>,;br />        &bspan>$_SEQUEST_w/span>? $ure /span>[
    &eturn $/span>$ure /span>[
<
//fEample: page $_argvw/span>? $et=_arame(/span>('Pid, gt; span class="kefault">$42/span>] 'Pstye=, gt; span class="ktring">'Pmdirealu,;;
}br />
//f_argv[Pid< = <42/r />I//f_argv[Pstye=< = <'mou"rn'br />?>
up
title="V3% like this..."> 3-5
tlass="name"> jceseesn fesehpt da tyahoodot com para;
div class="phpcode"> I aesepons' o umahisasrav'scet ip()vimlieant lion tn t28-Jul-007-,tftfhould hbelotesdthat $i'

<-is sue(s IPv4arddrss ds$nly br /><-ieturn sa_SERVER['REDMOTE_ADDR< =or tanyialuescofb_SERVER['HTTPSXCLINT_RIP< =hat $mathe's 127.0.*.*, 192.168.*.*woai10.0.*.*, hich iisiot udesirble nf you arcual l tWANTuhe ialuescofbTTPSXCLINT_RIPbr />
up
title="V37 like this..."> 3-6
tlass="name"> jAlexaner sHrs /em> para;
div class="phpcode"> If you sant to use PnUorms ith amlt"ile uheck boxe a(e.g.ine cper row) nd iassignthe fame.hame"ao oecheuheck boxthernphi.hame"aetedsao oen bith s[] This ctel sPHP ao cpu ullyhheck edtalues aintoyn csray iariables.abr />}Fr axample: /r />≮inpu uype="doeck box"hame"="id[]"talues"volues_1"gt;<../r />
Tou can aow,teturreaeullyhalues abyuseng :&/r />  nbsp; &$alues a=b_SPOS'[Pid<
TIfphi.hame"aote not uen bith s[],thernpnly fa sncgl ialuescill re davailbles viathi.h_SPOS'bariable neveniiflhe iser"soeck sterer l vheck boxe
up
title="V35 like this..."> 3-6
tlass="name"> jWhie-nGnd al para;
11 years ago
div class="phpcode"> I'ERVER[FAME'
down
3-7
jthemp;/em> IBecre fulaith aTTPSXHOS're hitdaavrobxyhetver nbsp; nbsp; &Ue Pheysetnstaald./r /><[TTPSXX_FORWARDED_FOR)abr />}[TTPSXX_FORWARDED_HOS')abr />}[TTPSXX_FORWARDED_ERVER[]/r />&/r />
down
3-8
jdotpoitrr IRnning pXitamisn aindows S0050 nd iHP a4.3.7, noaiHP _ERLF r tCRIPT_FILENAME'cisiot ulvailables.aTryng pCRIPT_FAME'tnstaald. Hrefbs walunction that $eturn sahe foileame"aofa Upript "rithugtfhasshs IGoodtor musetns TMLR FORM ACTION=""-argumnt ..."/r />&/r />&br />& /*itr to cusetHP _ERLF first<.. */br />  &$troSript "= _SERVER['HHP _ERLF'];br />& /*iuher wi(, ttr tCRIPT_FAME't*/br />  &$troSript "= @_SERVER['HCRIPT_FAME'<];br />& /*ilat &efsort - quitcou and &eturn $nuheng p*/br />  &eturn $null;br />& }br />&br />& /*ian tilat &fron hasshss tfileame"a*/br />}br />< /*iheck iifllat &bak sasshsssfere ifrsisay ts tfileame"a*/br />  &/*iiflso,use Pheyebak sasshsos(iion tnstaalda*/br />  &$n tLat Sasshs= tripos(($troSript , "\\");br />& }br />&br />& /*icutcou arom the elat &sasshsnd &o aheyeed iufahe foileame"a*/br />}}br />&br />&Tet:d on tHP a4.3.7/ind32 nd iHP a5.0.3/Linux.br />Tou cmayrrddfere ifilearthseo aheyefirstiif-setion t/r />Tt cet tere ihemncesao acathewupthe Joileame"af you acan
title="V3% like this..."> 1-7
tlass="name"> jnd ydot cgajetzkiOt gmail dot com para;
10 years ago
div class="phpcode"> I wast e ao abscble no oembed nbariable ni}br />&Hrefbs wa tnllsteraeon

&br />&Tis could beturn $an imge aith the Phxt"cafer v"imge php?/"aonfain ed inmi .abr />}br />&Icound bet uect llnheyeame"aofahes fieaurne so u dmadesacwrk -arunt ai tHP .."/r />&/r /><?pnbsp;       &br />        &br />)unction t/span>$et=PrthVriables&/span>(< {
        &bspan>$_sPrthPSw/span>? $uSERVER[$HP _ERLFbspan>?
$_sPrthFSw/span>? $_FILE__)/span>,
        &/span>$uaPrthPSw/span>? $sray _reer se/span>)0xplode(/span>("L/) 0usPrthPS/span>,;;
}nbsp;       &/span>$uaPrthFSw/span>? $sray _reer se/span>)0xplode(/span>("L/) 0usPrthFS/span>,;;
}br />}nbsp;       &/span>$uaImge Argst/span>? }nbsp;       &/span>$uxw/span>? $0/span>,
        &hice i(&/span>$uaPrthPS/span>[$_xbspan>? =! $uaPrthFS/span>,$_xbspan>? =amp;vamp;v&/span>$uaPrthPS/span>[$_xbspan>? =! $uaPrthFS/span>,$0/span>,] {
                &/span>$sray _unshifr/span>($_aImge Args/span>) 0uaPrthPS/span>[$_xbspan>? )nbsp;       &
}nbsp;               &/span>$uxbspan>?++
}nbsp;       &}br />}nbsp;       &eturn $/span>$uaImge Args/span>)
&}br />
?>
TTis cunction till gecurn $an sray ionfain ng pxcheuL/< delimi e alurton of Phe Jarthcafer vhe spript "ame"aftself
up
title="208 like this..."> 3-6
tlass="name"> jxangelstxOt ghotail dot com para;
div class="phpcode"> IAlotestbout then QUERY_STRINGbariable nhen useng tIIS:br />}br />&Icave afunt ahet aIISaote not uhandl elarg Jueery tring"sgmrnc fuly rhen uagss dfrom aHP .T arddiion eo ahrnctatng the ao oarunt a1024 kb,uIsave asen uIISarcual l trddfateafrom auher tprver oariables bo aheyeed iufahe fhrnctatedfatea.abr />}br />&Tis cocuraendtn tindows S0050 prver ounning pIISa5.0 nd iHP a4.3.8.nbsp; &Th vroblemseid nao.pncurarhen uhandl by tpache',oevenin tanuher tindows Setver br />}br />&ote :uIsealpizeuagssig theisumch fateafisubet pacompulisheduseng the fPOS'bethod., hich iould bavoidthes paoblemse llnhogeher .T 'm merel teftailag taahoblemsehet aI cme"aacross.br />}br />&Icave acealted nbage nhat $iclude sahe s(very lng )Jueery tring"that $hasssed an bome tf nheyeepultisehet aI saw&hice ies-tng .T tcan abs viewedat ga href="http://www.acsb7com/ies-t/hpc_iis_qs_limi /. rel="nofollow" target="_blank">http://www.acsb7com/ies-t/hpc_iis_qs_limi /./a>"uIsdid't sant to uiclude aftferefbr tftfould btrieth ihe Jare nugtfhignifian tly.br />}br />&~Chri =Blom
up
down
3-7
strong class="user">jAnonymou /em>11 years ago
IMatt Johnon tsys ahat $nlefhould hneer curldeode>() $_GET atea.ahis cs.iiclurecti.br />}br />&If mgeic_uetes-_gpccs.iurn ndtnffsn alhp.n n,thernpou s*do*aetedto curldeode>() $_GET atea.br />}br />&Havng"tmgeic_uetes-_gpccurn ndtnffsns odnsier d ogoodtprnctisd
title="20% like this..."> 2-9
tlass="name"> jgajll on et gmail dot com para;
div class="phpcode"> I@SileatChri =a amail dot com< -T 'm senng the fame"aoeng pbt t 'm statsng th abslreaeuhe fissuecisiot uHP abt tpache'.nbsp; & tclookslike tpache''steariteRsmouulecisidoule necludng ttring"sgith a J'%'fhigniiflhe ybre trllow" by ttwo r tere iuher tuharnctr s}br />&%25fhranslte"seuurectil to c'%'br />&%25bfhranslte"seuurectil to c'%b'br />&%25bafhranslte"seiclurectil to c� hich ioe nmi self$isiunnlherunghcurlecludefhranslte"seo c'%BA'.nbsp; &/r />&/r />&%25bacahobducesa'�c',oetc.nbsp; &/r />&/r />
/div>
a href="/manual/vrddnote.php?isetireserved.variables&vedirecti=ttp://wfr2php?.netmanual/vzh/eserved.variables&php?">aim ttrc='iimge s/otes-vrdd@2x.png'e lt='rddfalotes'gitdth='12'feright='12'>rddfalotesbspmlly>/a> bspetion >