Accessing the Request URI in PHP
Understanding the Request URI
The Request URI encompasses the portion of a Uniform Resource Identifier (URI) that identifies the resource being requested by a client from a server. It typically includes the path, query string, and fragment (though the fragment is generally handled client-side).
Server Variables for URI Information
PHP provides several server variables, accessible through the $_SERVER superglobal array, that contain parts or the whole of the Request URI. The specific variable used depends on the required information.
$_SERVER['REQUEST_URI']
This variable holds the complete URI requested, including the path and query string, but not the domain name or protocol. For example, if the user visits http://example.com/products/details?id=123&color=red, the value would be /products/details?id=123&color=red.
$_SERVER['PHP_SELF']
Contains the filename of the currently executing script, relative to the document root. For instance, if the URL is http://example.com/scripts/process.php/some/extra/path?query=string, $_SERVER['PHP_SELF'] would contain /scripts/process.php. Note that any path information following the script name is included.
$_SERVER['QUERY_STRING']
This variable contains the query string portion of the URI (everything after the ? character). Using the example above, the value would be id=123&color=red. This value is URL-encoded.
$_SERVER['SCRIPT_NAME'] or $_SERVER['SCRIPT_FILENAME']
Both these variables provide the path to the current script. SCRIPT_NAME is relative to the document root (e.g., /scripts/process.php), while SCRIPT_FILENAME gives the absolute filesystem path (e.g., /var/www/html/scripts/process.php). They do not include the query string.
$_SERVER['HTTP_HOST']
Contains the hostname from the 'Host' header of the current request. If the URL is http://example.com/products, the value is example.com.
$_SERVER['SERVER_NAME']
Contains the name of the server host under which the current script is executing. If the URL is http://example.com/products, the value is example.com.
$_SERVER['SERVER_PORT']
The port used by the server for the request. Typically '80' for HTTP or '443' for HTTPS.
$_SERVER['HTTPS']
Set to a non-empty value if the script was queried through the HTTPS protocol. Commonly set to 'on', but can vary by server configuration. If not HTTPS, it is typically not set.
Constructing a Full URL
To construct a complete URL, including protocol, hostname, and the Request URI, combine several $_SERVER variables:
$protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http"; $host = $_SERVER['HTTP_HOST']; $uri = $_SERVER['REQUEST_URI']; $full_url = $protocol . "://" . $host . $uri; Accessing Individual Query String Parameters
Individual query parameters are automatically available through the $_GET superglobal array. For example, if the URI is /page.php?id=42&name=example, then $_GET['id'] will contain 42 and $_GET['name'] will contain example.
Security Considerations
When utilizing any part of the Request URI, always sanitize and validate the data before using it in any operation, particularly when dealing with databases, file system operations, or displaying it on the page to prevent potential security vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. Use functions like htmlspecialchars(), filter_var(), and appropriate database escaping mechanisms.