[nycphp-talk] $_server['server_name'] versus $_server[http-host']
Andrew Yochum
andrew at plexpod.com
Thu Mar 16 14:11:19 EST 2006
On Thu, Mar 16, 2006 at 01:23:35PM -0500, Cliff Hirsch wrote:
> 'SERVER_NAME' -- The name of the server host under which the current
> script is executing. If the script is running on a virtual host, this
> will be the value defined for that virtual host.
This is provided by the web server
> 'HTTP_HOST' -- Contents of the Host: header from the current request, if
> there is one.
This is provided by the client and is therefore tainted.
> So in English that means? Aren't these the same thing?
Usually, except when you have a vhost w/ a bunch of other aliases
(ServerAlias directive in Apache) like you describe below.
> If I have several URLs points at the same server and want to setup my
> links to refer to the URL that was originally submitted, does this mean
> I should be using http_host, not server_name?
Yes, but consider the above. Validate it as if it were form data.
HTH,
Andrew
--
Andrew Yochum
Plexpod
andrew at plexpod.com
718-360-0879
More information about the talk
mailing list