Is it possible for $_SERVER['SCRIPT_FILENAME'] to not be set?

Question

Hey everyone, some background info:

In the config file for my website, I set the mysql database name, username and password based on the contents of $_SERVER['HTTP_HOST']. Because it is possible for this variable to not be set in the case of old (HTTP 1.0) requests and cron jobs, I include a file that spoofs the $_SERVER['HTTP_HOST'] value based on the value found in $_SERVER['SCRIPT_FILENAME'].

However, I'm still noticing errors in my log files every now and then (it's rare, once every 2 weeks or so, but it still happens) where it tries to connect to MySQL on the production site using the login information for the local testing environment.

Is there a possibility for $_SERVER['SCRIPT_FILENAME'] to be empty?

Answer 1

I believe this is possible depending on the webserver being used and its configuration but this wouldn't happen inconsistently i.e. it wouldn't just happen 'once every 2 weeks or so' it would happen on every request.

A more robust solution to your problem would be to modify your deployment process (or implement one if you don't have a formal process). The deployment scripts could write appropriate connection parameters to your config file depending on which environment is being deployed to.

A new deployment process as suggested would then turn this run-time issue into a deploy-time issue which hopefully would be identified and acted upon quickly in the case of a mistake.