I do not want to pass GET or POST variables to a script. I want to use the filename and use it to lookup the product from the phpscript for example:
......./DELL1500.php ......./COMPAQ1213.php
I have three questions:
Where does PHP get the data from $_SERVER["SCRIPT_NAME"] is it from the server or the clients browser?
Can anyone think of any security issues of using this?
Could this in anyway be incompatible with any older browsers. I assume not if its provided by the server?
Cheers,
Cameron
$_SERVER['SCRIPT_NAME'] is server-side. There are no browser compatibility issues as a result, and there shouldn't be security issues as it simply an indication of what the server is serving for the requested URL (i.e. http://example.com/ and http://example.com/index.php would both result in '/index.php').
That said, having a different PHP script per product strikes me as extraordinarily inefficient in this day and age of cheap, simple database-driven sites.
I think there are no security issues and it is created on the server so it doesn't depend on client browser. I think you can use it.
$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here.
It should be completely safe to use, as it is generated by the server. On a personal note, I always sanitize anything from a super global, regardless of how safe it is supposed to be.
$_SERVER[] variables are from the server.Also, do take a look at this older Stack Overflow post.
Thank you everyone for your answers that's what I needed to know.
ceejayoz. I used to use a single script and use the GET variables to load the correct content.
However, I want to increase my SEO visibility and I do not want to use MOD re-write.
So all the files are simple an include back to the main page which it gets the file name to load the data from the database.
Cheers,
Cameron