php - How to print current URL path?

Question

I want to print out the current URL path, but my code doesn't work propperly.

I use this in my file.php

echo "http://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];

When i open the url http://sub.mydomain.com/file.php it seems to work fine, and it prints "http://sub.mydomain.com/file.php"

But if i remove the .php extension so the url will be http://sub.mydomain.com/file instead, it prints "http://sub.mydomain.com/sub/file.php" which is wrong.

It prints the subdomain twice, and I don't know why?

In my .htaccess file, I have a rewrite that makes it possible to removes .php extensions.

Anyone who can/want to help me please? :)

Answer 1

You need $_SERVER['REQUEST_URI'] instead of $_SERVER['SCRIPT_NAME'], cos $_SERVER['SCRIPT_NAME'] will always give you the file which is working at the moment.

From manual:

SCRIPT_NAME: Contains the current script's path. This is useful for pages which need to point to themselves. The __FILE__ constant contains the full path and filename of the current (i.e. included) file. .

I suppose this helps you getting current URL fully.

echo 'http://'. $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];

Notice: DO NOT RELY ON CLIENT'S HTTP_HOST, USE SERVER_NAME INSTEAD! SEE: What is the difference between HTTP_HOST and SERVER_NAME in PHP?

Security Warning

You need to filter (sanitize) $_SERVER['REQUEST_URI'] if you use it in anywhere (to print or store in database), cos it's not safe.

// ie: this could be harmfull
/user?id=123%00%27<script...

Hence, always filter user inputs before using them. At least use htmlspecialchars, htmlentities, strip_tags etc..

Or something like this;

function get_current_url($strip = true) {
    static $filter, $scheme, $host, $port; 
    if ($filter == null) {
        $filter = function($input) use($strip) {
            $input = trim($input);
            if ($input == '/') {
                return $input;
            }

            // add more chars if needed
            $input = str_ireplace(["", '%00', "x0a", '%0a', "x1a", '%1a'], '',
                rawurldecode($input));

            // remove markup stuff
            if ($strip) {
                $input = strip_tags($input);
            }

            // or any encoding you use instead of utf-8
            $input = htmlspecialchars($input, ENT_QUOTES, 'utf-8');

            return $input;
        };

        $scheme = isset($_SERVER['REQUEST_SCHEME']) ? $_SERVER['REQUEST_SCHEME']
            : ('http'. (($_SERVER['SERVER_PORT'] == '443') ? 's' : ''));
        $host = $_SERVER['SERVER_NAME'];
        $port = ($_SERVER['SERVER_PORT'] != '80' && $scheme != 'https')
            ? (':'. $_SERVER['SERVER_PORT']) : '';
        }
    }

    return sprintf('%s://%s%s%s', $scheme, $host, $port, $filter($_SERVER['REQUEST_URI']));
}