PSP_SELF

I am trying to learn PHP. I am confused as to why I need
$_SERVER['PHP_SELF'] in the first block, but just $PHP_SELF in the 2nd. I
don't see the latter assigned anywhere in the code.

Thanks for any clarifications.




elseif ($delete) {
// delete a record
$sql = "DELETE FROM employees WHERE id=$id";
$result = mysql_query($sql);
echo "$sql Record deleted!<p>";
printf("<a href=\"%s\">Return</a><br>", $_SERVER['PHP_SELF']);
}
else {
// this part happens if we don't press submit
if (!$id) {
// print the list if there is not editing
$result = mysql_query("SELECT * FROM employees",$db);
while ($myrow = mysql_fetch_array($result)) {
printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF,
$myrow["id"], $myrow["first"], $myrow["last"]);
printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>",
$PHP_SELF, $myrow["id"]);
}
}

Buck Turgidson wrote:

> I am trying to learn PHP. I am confused as to why I need
> $_SERVER['PHP_SELF'] in the first block, but just $PHP_SELF in the 2nd. I
> don't see the latter assigned anywhere in the code.
>
> Thanks for any clarifications.
>
>
>
>
> elseif ($delete) {
> // delete a record
> $sql = "DELETE FROM employees WHERE id=$id";
> $result = mysql_query($sql);
> echo "$sql Record deleted!<p>";
> printf("<a href=\"%s\">Return</a><br>", $_SERVER['PHP_SELF']);
> }
> else {
> // this part happens if we don't press submit
> if (!$id) {
> // print the list if there is not editing
> $result = mysql_query("SELECT * FROM employees",$db);
> while ($myrow = mysql_fetch_array($result)) {
> printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF,
> $myrow["id"], $myrow["first"], $myrow["last"]);
> printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>",
> $PHP_SELF, $myrow["id"]);
> }
> }

It's a bug.. both should reference $_SERVER['PHP_SELF']

$PHP_SELF is available of register_globals = On, but default install is
with register_globals = Off

--
Justin Koivisto - spam@koivi.com
http://www.koivi.com

*Buck Turgidson wrote:

> I am trying to learn PHP. I am confused as to why I need
> $_SERVER['PHP_SELF'] in the first block, but just $PHP_SELF in the 2nd.
> I
> don't see the latter assigned anywhere in the code.
>
> Thanks for any clarifications.


This has to do with the setting of register_globals:

http://no2.php.net/manual/en/security.globals.php

DO NOT use the $PHP_SELF any more, it is obsolete and will render your
code non-portable.


--
Thomas

SELECT date FROM wife WHERE bitching = '0' AND sex = '1'

Justin Koivisto wrote:
> Buck Turgidson wrote:
>> I am trying to learn PHP. I am confused as to why I need
>> $_SERVER['PHP_SELF'] in the first block, but just $PHP_SELF in the 2nd.
>> I don't see the latter assigned anywhere in the code.

See my comments below

>> elseif ($delete) {
>> // delete a record
>> $sql = "DELETE FROM employees WHERE id=$id";
>> $result = mysql_query($sql);
>> echo "$sql Record deleted!<p>";
>> printf("<a href=\"%s\">Return</a><br>", $_SERVER['PHP_SELF']);
>> }
>> else {
>> // this part happens if we don't press submit
>> if (!$id) {
>> // print the list if there is not editing
>> $result = mysql_query("SELECT * FROM employees",$db);
>> while ($myrow = mysql_fetch_array($result)) {
>> printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF,
>> $myrow["id"], $myrow["first"], $myrow["last"]);
>> printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>",
>> $PHP_SELF, $myrow["id"]);
>> }
>> }
>
> It's a bug.. both should reference $_SERVER['PHP_SELF']

A bug .... Where is the bug?
The OP's code or the browser he's using? :-)


The first printf() will print something like

<a href="/script.php">Return</a>

whereas the second will print

<a href="?id=42">First Last</a>


And I think the OP's browser (correctly???) takes the second URL (can
that be called a URL???) as "<current_page>?id=42"




To the OP:

Buck, turn on error reporting for all notices so that you will be
notified when you use variables that do not exit (like $PHP_SELF above).

If you can't change php.ini, insert these two lines at the top of your
scripts:

error_reporting(E_ALL);
ini_set('display_errors', '1');

--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Pedro Graca wrote:

> the second will print
>
> <a href="?id=42">First Last</a>

<?id=42> is not a relative URI by RFC2396, and so, strictly
speaking, that isn't HTML; luckily, however, that fault was
spotted, and the BNF for relativeURI (now termed relative-
ref) has been revised. <?id=42> is valid under the current
draft-in-progress; see

<http://www.gbiv.com/protocols/uri/rev-2002/issues.html#007-empty-rel_path>

> And I think the OP's browser (correctly???) takes the second
> URL (can that be called a URL???) as "<current_page>?id=42"

You'd expect that, wouldn't you?

An example from Appendix C in RFC2396 shows that with a base
URI of <http://a/b/c/d;p?q> a relative URI of <?y> resolves
to <http://a/b/c/?y>. With <?y>, you reach step 6 of
RFC2396's resolution algorithm: strip off anything after the
last slash of the base URI and append <?y> to what's left.

The draft-in-progress, on the other hand, shows an example
with the same base and relative URIs which resolves to
<http://a/b/c/d;p?y>.

<http://www.gbiv.com/protocols/uri/rev-2002/issues.html#003-relative-query>

That's the theory anyway; I don't know what browsers
actually do. Tell a lie: Lynx 2.8.3dev.17 follows RFC2396
to the letter, while Opera 7.10 follows the draft-in-
progress and RFC1808. Which browser is right? I wouldn't
call either wrong. Is it wise to use relative URIs with
empty paths? I wouldn't use them.

--
Jock

Someone is thinking too much about the portable Playstation :-)

John Dunlop wrote:
> Pedro Graca wrote:
>> And I think the OP's browser (correctly???) takes the second
>> URL (can that be called a URL???) as "<current_page>?id=42"
>
> You'd expect that, wouldn't you?

Yes :)
But my expectations aren't necessarily correct.


Thank you for the links and, especially, the detailed explanation.

--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

>
> That's the theory anyway; I don't know what browsers
> actually do. Tell a lie: Lynx 2.8.3dev.17 follows RFC2396
> to the letter, while Opera 7.10 follows the draft-in-
> progress and RFC1808. Which browser is right? I wouldn't
> call either wrong. Is it wise to use relative URIs with
> empty paths? I wouldn't use them.
>



I am using Opera, BTW.

> Buck, turn on error reporting for all notices so that you will be
> notified when you use variables that do not exit (like $PHP_SELF above).
>
> If you can't change php.ini, insert these two lines at the top of your
> scripts:
>
> error_reporting(E_ALL);
> ini_set('display_errors', '1');
>

This is an extract of php.ini. It appears to be set.

error_reporting = E_ALL & ~E_NOTICE
display_errors = On
display_startup_errors = Off
log_errors = Off
log_errors_max_len = 1024

Buck Turgidson wrote:
>> Buck, turn on error reporting for all notices so that you will be
>> notified when you use variables that do not exit (like $PHP_SELF above).
>
> This is an extract of php.ini. It appears to be set.
>
> error_reporting = E_ALL & ~E_NOTICE

This means show everything except Notices.
The use of uninitialized variables is a notice.

Change it to

error_reporting = E_ALL


and get ready to see a *LOT* ot notices about uninitialized variables.

--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!