In your valiant conquest of the web development industry, you will notice that some scripts will require that you know the current URL the user is browsing to provide certain services. A prime example would be in user management- where we make use of query strings to keep track of users. More practical solutions may even demand that we find the current URL to display relevant ads and increase conversion rates.
PHP has set forth certain global variables that makes this process painfully easy. We will be experimenting with several methods of finding certain parts in the URL within this tutorial. Respectively, they are:
1. Finding the current domain
2. Finding the path to the script
3. Finding the query string (if any)
4. Using a special short cut method to tie things together
Finding The Current Domain In PHP
If you need the current domain, you can use this neat little snipped below:
<?php # Using HTTP_HOST $domain = $_SERVER['HTTP_HOST']; echo $domain; ?>
If we were to use this directly on this page, the output would be learnphponline.com – notice that it does not include the ‘http://’ or ‘www.’ prefixes. If you are trying to make a link, you could do so by concatenating these prefixes onto the HTTP_HOST server variable.
Finding The Path To The Current Script
If you need to link to the current page, we use the SCRIPT_NAME server variable. We see this in use a lot more than you would think. WordPress installations will link article titles to the same page for several reasons. First, it keeps things user friendly- but it is also great for search engine optimization. Don’t be afraid to follow their example such as the snippet below shows.
<?php # Using SCRIPT_NAME $path = $_SERVER['SCRIPT_NAME']; echo "Path To Script Example: <a href='$path'>An Article Title</a>"; ?>
You will notice that the domain section and query string is left out. Instead we get the script path that links nicely to the current page.
Finding The Query String In a URL
The query string is important in passing variables or authorization information across several different pages in your website. You have probably noticed this before when logging into your favorite website and seen something to this effect: “TheWebsite.com/users/index.php?name=YourName”
Making a query string is actually quite easy. Make a simple PHP file and create a link to the current file, yet concatenate a ternary symbol and assign a variable like this:
<a href=’www.yoururl.com/index.php?variable=value’>Test it!</a>
This won’t do anything since we haven’t coded anything to work with the variable. But it will allow us to test the server variable below.
<?php # Using QUERY_STRING $queryString = $_SERVER['QUERY_STRING']; echo "Query: " . $queryString; ?>
Finding The Current URL With Request URI
If you are using MOD REWRITE to make your URLs more user-friendly, there is still a way to get the original URL. By using the REQUEST_URI server variable, we can get the URL given to access the page. So be definition, we bypass any rewrite rules.
<?php # Using REQUEST_URI echo "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; ?>
This saves a little bit of space over the previous examples, since REQUEST_URI can replace the script path and query string server variables. This is best used when you don’t need these variables separated, which you commonly do.
Security Issues To Consider
There are many ways to get the current URL, but the ones mentioned here are the safest. The server variable PHP_SELF is an example of a method that can result in cross-scripting attacks (XSS). Instead make sure you use the SCRIPT_NAME variable as we did above in our examples.
Also make note that header information can be faked. Any variable that includes “HTTP” in it has a potential to be untrustworthy data. There are always verification methods and alternatives to these pitfalls, so you aren’t without options.
A humorous example of how HTTP headers can be faked is with certain security software packages that rewrite referrer information that websites use for analytics. By setting your referrer field to something such as “FBI” or “CIA” you can effectively give the statistics-conscious webmaster a nice scare.