PHP_SELF vs PATH_INFO vs SCRIPT_NAME vs REQUEST_URI

PHP_SELF, PATH_INFO, SCRIPT_NAME, and REQUEST_URI are all superglobal variables in PHP that provide information about the current URL being requested.

  • PHP_SELF is the current script being executed. It is the name of the script itself, as called by the client.
  • PATH_INFO is any additional path information following the script name in the URL.
  • SCRIPT_NAME is the path of the current script, as it appears in the URL.
  • REQUEST_URI is the entire requested URI, including any query string.

For example, if the URL being requested is "https://example.com/index.php/path/to/resource?query=string",

  • PHP_SELF would be "/index.php"
  • PATH_INFO would be "/path/to/resource"
  • SCRIPT_NAME would be "/index.php"
  • REQUEST_URI would be "/index.php/path/to/resource?query=string" It is important to note that these variables can be manipulated by attackers and should be properly sanitized before usage.