PHP笔记网

1、$_SERVER["SCRIPT_NAME"]

说明：包含当前脚本的路径

2、$_SERVER["PHP_SELF"]

说明：当前正在执行脚本的文件名

3、$_SERVER["QUERY_STRING"]

说明：查询(query)的字符串

4、$_SERVER["REQUEST_URI"]

说明：访问此页面所需的URI

实例：

1.http://blog.snsgou.com/ (直接打开主页)

结果：

$_SERVER["SCRIPT_NAME"] = "/index.php"
$_SERVER["PHP_SELF"]     = "/index.php"
$_SERVER["QUERY_STRING"] = ""
$_SERVER["REQUEST_URI"] = "/"

2.http://blog.snsgou.com/?p=222 (附带查询)

结果：

$_SERVER["SCRIPT_NAME"] = "/index.php"
$_SERVER["PHP_SELF"]     = "/index.php"
$_SERVER["QUERY_STRING"] = "p=222"
$_SERVER["REQUEST_URI"] = "/?p=222"

3.http://blog.snsgou.com/index.php?p=222&q=biuuu

结果：

$_SERVER["SCRIPT_NAME"] = "/index.php"
$_SERVER["PHP_SELF"]     = "/index.php"
$_SERVER["QUERY_STRING"] = "p=222&q=biuuu"
$_SERVER["REQUEST_URI"] = "/index.php?p=222&q=biuuu"

4.http://blog.snsgou.com/123/123.php/abc/def?id=222&name=jack

$_SERVER["SCRIPT_NAME"] = "/123/123.php"
$_SERVER["PHP_SELF"]     = "/123/123.php/abc/def"
$_SERVER["QUERY_STRING"] = "id=222&name=jack"
$_SERVER["REQUEST_URI"] = "/123/123.php/abc/def?id=222&name=jack"

5.http://blog.snsgou.com/123/123.php/abc/def.bat?id=222&name=jack

$_SERVER["SCRIPT_NAME"] = "/123/123.php"
$_SERVER["PHP_SELF"]     = "/123/123.php/abc/def.bat"
$_SERVER["QUERY_STRING"] = "id=222&name=jack"
$_SERVER["REQUEST_URI"] = "/123/123.php/abc/def.bat?id=222&name=jack"

• $_SERVER["SCRIPT_NAME"]  获取当前脚本的路径，如：index.php
• $_SERVER["PHP_SELF"]  当前正在执行脚本的文件名
• $_SERVER["QUERY_STRING"]  获取查询语句，实例中可知，获取的是?后面的值
• $_SERVER["REQUEST_URI"]  获取http://blog.snsgou.com后面的值，包括/

总结一下，对于SCRIPT_NAME、PHP_SELF、QUERY_STRING、REQUEST_URI，深入了解将有利于我们 在$_SERVER函数中正确调用这四个值。

一般地： $_SERVER["REQUEST_URI"] = $_SERVER["PHP_SELF"] . '?' . $_SERVER["QUERY_STRING"]

注意：当有地址重写时，情况有些变化，如：

/class 重写到 /index.php?app=class&mod=Index&act=index

此时：

$_SERVER['PHP_SELF'] 值等于 /index.php
$_SERVER['QUERY_STRING'] 值等于 /index.php?app=class&mod=Index&act=index
$_SERVER["REQUEST_URI"] 值等于 /class

uchome系统中处理技巧：

//处理REQUEST_URI
if (!isset($_SERVER['REQUEST_URI'])) {
    $_SERVER['REQUEST_URI'] = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
}
if ($_SERVER['REQUEST_URI']) {
    $temp = urldecode($_SERVER['REQUEST_URI']);
    if (strexists($temp, '<') || strexists($temp, '"')) {
        $_GET = shtmlspecialchars($_GET); // XSS
    }
}

延伸阅读：

PHP获取当前页面的URL

PHP获取当前域名$_SERVER['HTTP_HOST']和$_SERVER['SERVER_NAME']的区别

PHP的$_SERVER['PHP_SELF']造成的XSS漏洞攻击及其解决方案