On Jan 27, 2012, at 12:45 PM, Adam Richardson wrote:

> On Fri, Jan 27, 2012 at 12:09 PM, Tedd Sperling <tedd.sperl...@gmail.com> 
> wrote:
> On Jan 11, 2012, at 9:24 PM, tamouse mailing lists wrote:
> > Is there ever a case where SCRIPT_NAME does not equal PHP_SELF?
> Was this every answered? I would like to know.
> Cheers,
> tedd
> Yep, can be different:
> http://stackoverflow.com/questions/279966/php-self-vs-path-info-vs-script-name-vs-request-uri
> Adam

I should have been more clear -- I understand:

[PHP_SELF] => /test.php/foo/bar
[SCRIPT_NAME] => /test.php/

by practice is different.

I should have used basename() in my question.

The main point I was trying to get was which one is more secure and not subject 
to cross-site scripting or other such security issues? 

IOW, if you had to bet your life on it, which would be most secure in reporting 
an accurate basename()?




PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to