1、$_SERVER["SCRIPT_NAME"]
说明:包含当前脚本的路径
2、$_SERVER["PHP_SELF"]
说明:当前正在执行脚本的文件名
3、$_SERVER["QUERY_STRING"]
说明:查询(query)的字符串
4、$_SERVER["REQUEST_URI"]
说明:访问此页面所需的URI
实例:
1.http://blog.snsgou.com/ (直接打开主页)
结果:
$_SERVER["SCRIPT_NAME"] = "/index.php" $_SERVER["PHP_SELF"] = "/index.php" $_SERVER["QUERY_STRING"] = "" $_SERVER["REQUEST_URI"] = "/"
2.http://blog.snsgou.com/?p=222 (附带查询)
结果:
$_SERVER["SCRIPT_NAME"] = "/index.php" $_SERVER["PHP_SELF"] = "/index.php" $_SERVER["QUERY_STRING"] = "p=222" $_SERVER["REQUEST_URI"] = "/?p=222"
3.http://blog.snsgou.com/index.php?p=222&q=biuuu
结果:
$_SERVER["SCRIPT_NAME"] = "/index.php" $_SERVER["PHP_SELF"] = "/index.php" $_SERVER["QUERY_STRING"] = "p=222&q=biuuu" $_SERVER["REQUEST_URI"] = "/index.php?p=222&q=biuuu"
4.http://blog.snsgou.com/123/123.php/abc/def?id=222&name=jack
$_SERVER["SCRIPT_NAME"] = "/123/123.php" $_SERVER["PHP_SELF"] = "/123/123.php/abc/def" $_SERVER["QUERY_STRING"] = "id=222&name=jack" $_SERVER["REQUEST_URI"] = "/123/123.php/abc/def?id=222&name=jack"
5.http://blog.snsgou.com/123/123.php/abc/def.bat?id=222&name=jack
$_SERVER["SCRIPT_NAME"] = "/123/123.php" $_SERVER["PHP_SELF"] = "/123/123.php/abc/def.bat" $_SERVER["QUERY_STRING"] = "id=222&name=jack" $_SERVER["REQUEST_URI"] = "/123/123.php/abc/def.bat?id=222&name=jack"
- $_SERVER["SCRIPT_NAME"] 获取当前脚本的路径,如:index.php
- $_SERVER["PHP_SELF"] 当前正在执行脚本的文件名
- $_SERVER["QUERY_STRING"] 获取查询语句,实例中可知,获取的是?后面的值
- $_SERVER["REQUEST_URI"] 获取http://blog.snsgou.com后面的值,包括/
总结一下,对于SCRIPT_NAME、PHP_SELF、QUERY_STRING、REQUEST_URI,深入了解将有利于我们 在$_SERVER函数中正确调用这四个值。
一般地: $_SERVER["REQUEST_URI"] = $_SERVER["PHP_SELF"] . '?' . $_SERVER["QUERY_STRING"]
注意:当有地址重写时,情况有些变化,如:
/class 重写到 /index.php?app=class&mod=Index&act=index
此时:
$_SERVER['PHP_SELF'] 值等于 /index.php
$_SERVER['QUERY_STRING'] 值等于 /index.php?app=class&mod=Index&act=index
$_SERVER["REQUEST_URI"] 值等于 /class
uchome系统中处理技巧:
//处理REQUEST_URI
if (!isset($_SERVER['REQUEST_URI'])) {
$_SERVER['REQUEST_URI'] = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
}
if ($_SERVER['REQUEST_URI']) {
$temp = urldecode($_SERVER['REQUEST_URI']);
if (strexists($temp, '<') || strexists($temp, '"')) {
$_GET = shtmlspecialchars($_GET); // XSS
}
}
延伸阅读:
PHP获取当前域名$_SERVER['HTTP_HOST']和$_SERVER['SERVER_NAME']的区别
PHP的$_SERVER['PHP_SELF']造成的XSS漏洞攻击及其解决方案