FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Good code or bad code?
Re: Good code or bad code? [message #170193 is a reply to message #170189] Sun, 17 October 2010 17:09
Thomas 'PointedEars'
MikeB wrote:

> Jerry Stuckle wrote:
>> On 10/17/2010 12:20 AM, MikeB wrote:
>>> So as part of all this URI/URL/redirect stuff I spent some time looking
>>> at the contents of $_SERVER and I came up with this code to find the
>>> filename of the file I'm invoked from. Now one condition that I wanted
>>> to cater for was if the filename had multiple "."s in the name, for
>>> instance myfile.inc.php, or something like this.
>>>
>>> So I came up with this piece of code.
>>>
>>> $uriParts = explode("/",$_SERVER['REQUEST_URI']);
>>> $thisFile = substr(end($uriParts),0,(strlen(end($uriParts))) -
>>> (strlen(end($uriParts))- strrpos(end($uriParts),'.')));
>>>
>>> So I was wondering if that is good code or if I could have written it
>>> better, since looking at it it is quite hard to understand.
>>>
>>> I'll go away again for a while after this, I probably have been relying
>>> on all y'alls good graces too much again.
>>
>> In addition to what Hammish said, this information is sent by the
>> browser and cannot be trusted. Some browsers may not send it, and if it
>> is sent, it may be falsified (i.e. by a hacker).

Bullshit/FUD. $_SERVER['REQUEST_URI'] yields the HTTP request URI, e.g.

http://foo.example/bar?baz

for an HTTP request containing the headers

GET /bar?baz HTTP/1.1
Host: foo.example

As the array name indicates, the value is provided by the Web *server* that
is running the executing PHP instance, and is completely independent of the
(capabilities of the) HTTP client application (e.g., the browser) that made
the request.

> I wrote that code to find the filename (e.g. index) so that I could
> dynamically derive the name of an accompanying template file.
>
> So if I'm running from index.php, I could derive index.tpl for a Smarty
> template to accompany the php file.

Use $_SERVER['SCRIPT_NAME'], since $_SERVER['PHP_SELF'] can be misused for
code injection:

<http://en.wikipedia.org/wiki/Cross-site_scripting>

RTFM and call phpinfo() for details on $_SERVER.


PointedEars
--
Prototype.js was written by people who don't know javascript for people
who don't know javascript. People who don't know javascript are not
the best source of advice on designing systems that use javascript.
-- Richard Cornford, cljs, <f806at$ail$1$8300dec7(at)news(dot)demon(dot)co(dot)uk>
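
An added example, not part of the thread and not any poster's code: deriving the template name from $_SERVER['SCRIPT_NAME'] with an allowlist check, shown next to the last-segment approach of the quoted snippet applied to each $_SERVER key. The names templateFor() and lastSegmentStem(), the sample array and the permitted character set are assumptions made for illustration.

```php
<?php
// Added example. All request values below are constructed samples.

/** Last path segment up to its final dot, as the quoted snippet computes it. */
function lastSegmentStem(string $value): string
{
    $parts = explode('/', $value);
    $last  = end($parts);
    $dot   = strrpos($last, '.');
    return $dot === false ? $last : substr($last, 0, $dot);
}

/**
 * Map the executing script to its template name:
 * index.php -> index.tpl, myfile.inc.php -> myfile.inc.tpl.
 * Returns null when no usable name can be derived.
 */
function templateFor(array $server): ?string
{
    // SCRIPT_NAME is the path of the script itself: no trailing path info
    // (unlike PHP_SELF) and no query string (unlike REQUEST_URI).
    $script = $server['SCRIPT_NAME'] ?? '';

    // PATHINFO_FILENAME strips only the last extension, so earlier dots stay.
    $name = pathinfo(basename($script), PATHINFO_FILENAME);

    // Assumption: template names are restricted to this conservative set.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/', $name)) {
        return null;
    }
    return $name . '.tpl';
}

// Constructed request for /app/myfile.inc.php with extra path info and a query.
$sample = [
    'REQUEST_URI' => '/app/myfile.inc.php/extra.info?a=b.c',
    'PHP_SELF'    => '/app/myfile.inc.php/extra.info',
    'SCRIPT_NAME' => '/app/myfile.inc.php',
];

// The same derivation gives a different stem for each key; only the
// SCRIPT_NAME result is unaffected by what follows the script path.
foreach ($sample as $key => $value) {
    printf("%-12s %s\n", $key, lastSegmentStem($value));
}

var_dump(templateFor($sample));
var_dump(templateFor([]));
```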