开发者

Difference between $_SERVER['DOCUMENT_ROOT'] and $_SERVER['HTTP_HOST']

开发者 https://www.devze.com 2023-03-31 06:04 出处:网络
I am back with a simple question (or related question). The question is simple however I have not received an answer yet. I have asked many people with different experience in PHP. But the response I

I am back with a simple question (or related question).

The question is simple however I have not received an answer yet. I have asked many people with different experience in PHP. But the response I get is: "I don't have any idea. I've never thought about that." Using Google I have not been able to find any article on this. I hope that I will get a satisfying answer here.

So the question is:

What is the difference between $_SERVER['DOCUMENT_ROOT'] and $_SERVER['HTTP_HOST'] ?

Are there any advantages of one over the other?

Where should we use HTTP_HOST & wh开发者_开发技巧ere to use DOCUMENT_ROOT?


DOCUMENT_ROOT

The root directory of this site defined by the 'DocumentRoot' directive in the General Section or a section e.g.

DOCUMENT_ROOT=/var/www/example 

HTTP_HOST

The base URL of the host e.g.

HTTP_HOST=www.example.com 

The document root is the local path to your website, on your server; The http host is the hostname of the server. They are rather different; perhaps you can clarify your question?

Edit: You said:

Case 1 : header('Location: '. $_SERVER['DOCUMENT_ROOT'] . '/abc.php')

Case 2: header('Location: '. $_SERVER['HTTP_HOST'] . '/abc.php')

I suspect the first is only going to work if you run your browser on the same machine that's serving the pages.

Imagine if someone else visits your website, using their Windows machine. And your webserver tells them in the HTTP headers, "hey, actually, redirect this location: /var/www/example/abc.php." What do you expect the user's machine to do?

Now, if you're talking about something like

<?php include($_SERVER['DOCUMENT_ROOT'] . '/include/abc.php') ?>

vs

<?php include($_SERVER['HTTP_HOST'] . '/include/abc.php') ?>

That might make sense. I suspect in this case the former is probably preferred, although I am not a PHP Guru.


<?php include($_SERVER['DOCUMENT_ROOT'] . '/include/abc.php') ?>

should be used for including the files in another file.

header('Location: '. $_SERVER['HTTP_HOST'] . '/abc.php')

should be used for hyperlinking


Eh, what's the question? DOCUMENT_ROOT contains the path to current web, in my case /home/www. HTTP_HOST contains testing.local, as it runs on local domain. The difference is obvious, isn't it?

I cannot figure out where you could interchange those two, so why should you consider advantages?


HTTP_HOST will give you URL of the host, e.g. domain.com

DOCUMENT_ROOT will give you absolute path to document root of the website in server's file system, e.g. /var/www/domain/

Btw, have you tried looking at PHP's manual, specifically $_SERVER? Everything is explanied there.


if you want domain path like 'example.com', you can use "HTTP_HOST" if you want folder '/public_html/foldername/' path you can use "DOCUMENT_ROOT"


$_SERVER ['HTTP_HOST'] is defined by the client and may not even be set! You can repeat a request and withhold the header for local testing in developer tools such as for Waterfox/Firefox. You must determine if this header is set and if the host being requested exists (one of the very first things you do, even before starting to send any of your headers) otherwise the appropriate action is to kill the entire process and respond with an HTTP 400 Bad Request. This goes for all server-side programming languages.

$_SERVER['DOCUMENT_ROOT'] is defined by the server as the directory which the executing script is located. Examples:

  • public_html/example.php = public_html/
  • public_html/test1/example.php = public_html/test1/

Keep in mind that if you're using Apache rewrites that there is a difference between the $_SERVER['REQUEST_URI'] (the URL requested) and $_SERVER['PHP_SELF'] (the file handling the request).


The Title question is perfectly awnsered by John Ledbetter.

This awnser is intended to expand and offer additional information about what seems to be the original poster inner concerns:

  • Where would make sense to use the URL based location: $_SERVER['HTTP_HOST'] ?
  • Where would make sense to use the local based location: $_SERVER['DOCUMENT_ROOT'] ?
  • Where both can be used, what are the Advantages and Disadvantages of each one. ?

Following my awnsers:

  • By usign the HTTP_HOST you can abstract yourself from the machine Folder System which means in cases where portability is a concern and you are expected to install the Application on multiple servers potentially with diferent OS this approach could be easier to maintain.
  • You can also take advantage of HTTP_HOST if your server is going to become unavailible and you want a diferent one from the cluster to handle the request.
  • By Using the DOCUMENT_ROOT you can access the whole filesystem (depends on the permissions you give to php) it makes sense if you want to access a program which you dont want to be accesible from the web or when the Folder System is relevant to your Application.
  • You can also take advantage of DOCUMENT_ROOT to get the subsite root instead of the Host.

    $_SERVER['HTTP_HOST'] = "www.example.com";
    $_SERVER['DOCUMENT_ROOT'] = "var/www/domain/subsite1" // equivalent to www.example.com/subsite1
    


$_SERVER ['HTTP_HOST'] returns the domain url a.g. www.example.com While $_SERVER['DOCUMENT_ROOT'] returns the roof of current web.. Such as


Other answers have alluded to it, but I wanted to add an answer just to be sharp as a grizzly bear tooth in one point - don't trust $_SERVER['HTTP_HOST'] as safe where following code does:

<?php
header('Location: '. $_SERVER['HTTP_HOST'] . '/abc.php');
#Or 
include($_SERVER['HTTP_HOST'] . '/include/abc.php');
?>

The variable is subject to manipulation by the incoming request and could contribute to an exploit. This may depend on your server configuration, but you don't want something filling out this variable for you :)

See also:

  • https://security.stackexchange.com/questions/32299/is-server-a-safe-source-of-data-in-php
  • https://expressionengine.com/blog/http-host-and-server-name-security-issues
0

精彩评论

暂无评论...
验证码 换一张
取 消