echo "<h1>"; $php_errormsg; echo "</h1>"; will output: <h1>[the php error]<h1> however, this command echo "<h1>" . $php_errormsg . "</h1>"; should produce the same thing, yet it produces [the php error]<h1></h1> not sure if this is a "feature" or a "bug" dotpointer 10-Jan-2005 05:26 Running Xitami in Windows 2000 and PHP 4.3.7, nor PHP_SELF or SCRIPT_FILENAME is not availiable. Trying SCRIPT_NAME instead. Here is a function that returns the filename of a script without slashes. Good for use in HTML FORM ACTION=""-arguments... function getThisFile() { /* try to use PHP_SELF first... */ if (!empty($_SERVER['PHP_SELF'])) { $strScript = $_SERVER['PHP_SELF']; /* otherwise, try SCRIPT_NAME */ } else if (!empty($_SERVER['SCRIPT_NAME'])) { $strScript = @$_SERVER['SCRIPT_NAME']; /* last resort - quit out and return nothing */ } else { return null; } /* fint last frontslash in filename */ $intLastSlash = strrpos($strScript, "/"); /* check if last backslash is more far away in filename */ if (strrpos($strScript, "\\")>$intLastSlash) { /* if so, use the backslash position instead */ $intLastSlash = strrpos($strScript, "\\"); } /* cut out from the last slash and to the end of the filename */ return substr($strScript, $intLastSlash+1, strlen($strScript)); } Tested on PHP 4.3.7/Win32 and PHP 5.0.3/Linux. You may add more filepaths to the first if-section to get more chances to catch up the filename if you can. Matt Johnson 26-Dec-2004 08:50 A reminder: if you are considering using urldecode() on a $_GET variable, DON'T! Evil PHP: <?php # BAD CODE! DO NOT USE! $term = urldecode($_GET['sterm']); ?> Good PHP: <?php $term = $_GET['sterm']; ?> The webserver will arrange for $_GET to have been urldecoded once already by the time it reaches you! Using urldecode() on $_GET can lead to extreme badness, PARTICULARLY when you are assuming "magic quotes" on GET is protecting you against quoting. Hint: script.php?sterm=%2527 [...] PHP "receives" this as %27, which your urldecode() will convert to "'" (the singlequote). This may be CATASTROPHIC when injecting into SQL or some PHP functions relying on escaped quotes -- magic quotes rightly cannot detect this and will not protect you! This "common error" is one of the underlying causes of the Santy.A worm which affects phpBB < 2.0.11. mrnopersonality at yahoo dot com 19-Oct-2004 11:13 Nothing about the message-body ... You can get cookies, session variables, headers, the request-uri , the request method, etc but not the message body. You may want it sometimes when your page is to be requested with the POST method. |