You need $_SERVER['REQUEST_URI']
instead of $_SERVER['SCRIPT_NAME']
, cos $_SERVER['SCRIPT_NAME']
will always give you the file which is working at the moment.
From manual:
SCRIPT_NAME: Contains the current script's path. This is useful for pages which need to point to themselves. The __FILE__
constant contains the full path and filename of the current (i.e. included) file. .
I suppose this helps you getting current URL fully.
echo 'http://'. $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
Notice: DO NOT RELY ON CLIENT'S HTTP_HOST
, USE SERVER_NAME
INSTEAD! SEE: What is the difference between HTTP_HOST and SERVER_NAME in PHP?
Security Warning
You need to filter (sanitize) $_SERVER['REQUEST_URI']
if you use it in anywhere (to print or store in database), cos it's not safe.
// ie: this could be harmfull
/user?id=123%00%27<script...
Hence, always filter user inputs before using them. At least use htmlspecialchars
, htmlentities
, strip_tags
etc..
Or something like this;
function get_current_url($strip = true) {
static $filter, $scheme, $host, $port;
if ($filter == null) {
$filter = function($input) use($strip) {
$input = trim($input);
if ($input == '/') {
return $input;
}
// add more chars if needed
$input = str_ireplace(["", '%00', "x0a", '%0a', "x1a", '%1a'], '',
rawurldecode($input));
// remove markup stuff
if ($strip) {
$input = strip_tags($input);
}
// or any encoding you use instead of utf-8
$input = htmlspecialchars($input, ENT_QUOTES, 'utf-8');
return $input;
};
$scheme = isset($_SERVER['REQUEST_SCHEME']) ? $_SERVER['REQUEST_SCHEME']
: ('http'. (($_SERVER['SERVER_PORT'] == '443') ? 's' : ''));
$host = $_SERVER['SERVER_NAME'];
$port = ($_SERVER['SERVER_PORT'] != '80' && $scheme != 'https')
? (':'. $_SERVER['SERVER_PORT']) : '';
}
}
return sprintf('%s://%s%s%s', $scheme, $host, $port, $filter($_SERVER['REQUEST_URI']));
}
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…