Last updated: Fri, 06 Nov 2009

$_SERVER

$HTTP_SERVER_VARS [deprecated]

$_SERVER -- $HTTP_SERVER_VARS [deprecated] — Server and execution environment information

Description

$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the » CGI 1.1 specification, so you should be able to expect those.

$HTTP_SERVER_VARS contains the same initial information, but is not a superglobal. (Note that $HTTP_SERVER_VARS and $_SERVER are different variables and that PHP handles them as such)

Indices

You may or may not find any of the following elements in $_SERVER. Note that few, if any, of these will be available (or indeed have any meaning) if running PHP on the command line.

'PHP_SELF'

The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address http://example.com/test.php/foo.bar would be /test.php/foo.bar. The __FILE__ constant contains the full path and filename of the current (i.e. included) file. If PHP is running as a command-line processor this variable contains the script name since PHP 4.3.0. Previously it was not available.

'argv'

Array of arguments passed to the script. When the script is run on the command line, this gives C-style access to the command line parameters. When called via the GET method, this will contain the query string.

'argc'

Contains the number of command line parameters passed to the script (if run on the command line).

'GATEWAY_INTERFACE'

What revision of the CGI specification the server is using; i.e. 'CGI/1.1'.

'SERVER_ADDR'

The IP address of the server under which the current script is executing.

'SERVER_NAME'

The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host.

'SERVER_SOFTWARE'

Server identification string, given in the headers when responding to requests.

'SERVER_PROTOCOL'

Name and revision of the information protocol via which the page was requested; i.e. 'HTTP/1.0';

'REQUEST_METHOD'

Which request method was used to access the page; i.e. 'GET', 'HEAD', 'POST', 'PUT'.

Note: PHP script is terminated after sending headers (it means after producing any output without output buffering) if the request method was HEAD.

'REQUEST_TIME'

The timestamp of the start of the request. Available since PHP 5.1.0.

'QUERY_STRING'

The query string, if any, via which the page was accessed.

'DOCUMENT_ROOT'

The document root directory under which the current script is executing, as defined in the server's configuration file.

'HTTP_ACCEPT'

Contents of the Accept: header from the current request, if there is one.

'HTTP_ACCEPT_CHARSET'

Contents of the Accept-Charset: header from the current request, if there is one. Example: 'iso-8859-1,*,utf-8'.

'HTTP_ACCEPT_ENCODING'

Contents of the Accept-Encoding: header from the current request, if there is one. Example: 'gzip'.

'HTTP_ACCEPT_LANGUAGE'

Contents of the Accept-Language: header from the current request, if there is one. Example: 'en'.

'HTTP_CONNECTION'

Contents of the Connection: header from the current request, if there is one. Example: 'Keep-Alive'.

'HTTP_HOST'

Contents of the Host: header from the current request, if there is one.

'HTTP_REFERER'

The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

'HTTP_USER_AGENT'

Contents of the User-Agent: header from the current request, if there is one. This is a string denoting the user agent being which is accessing the page. A typical example is: Mozilla/4.5 [en] (X11; U; Linux 2.2.9 i586). Among other things, you can use this value with get_browser() to tailor your page's output to the capabilities of the user agent.

'HTTPS'

Set to a non-empty value if the script was queried through the HTTPS protocol.

Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.

'REMOTE_ADDR'

The IP address from which the user is viewing the current page.

'REMOTE_HOST'

The Host name from which the user is viewing the current page. The reverse dns lookup is based off the REMOTE_ADDR of the user.

Note: Your web server must be configured to create this variable. For example in Apache you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr().

'REMOTE_PORT'

The port being used on the user's machine to communicate with the web server.

'SCRIPT_FILENAME'

The absolute pathname of the currently executing script.

Note: If a script is executed with the CLI, as a relative path, such as file.php or ../file.php, $_SERVER['SCRIPT_FILENAME'] will contain the relative path specified by the user.

'SERVER_ADMIN'

The value given to the SERVER_ADMIN (for Apache) directive in the web server configuration file. If the script is running on a virtual host, this will be the value defined for that virtual host.

'SERVER_PORT'

The port on the server machine being used by the web server for communication. For default setups, this will be '80'; using SSL, for instance, will change this to whatever your defined secure HTTP port is.

'SERVER_SIGNATURE'

String containing the server version and virtual host name which are added to server-generated pages, if enabled.

'PATH_TRANSLATED'

Filesystem- (not document root-) based path to the current script, after the server has done any virtual-to-real mapping.

Note: As of PHP 4.3.2, PATH_TRANSLATED is no longer set implicitly under the Apache 2 SAPI in contrast to the situation in Apache 1, where it's set to the same value as the SCRIPT_FILENAME server variable when it's not populated by Apache. This change was made to comply with the CGI specification that PATH_TRANSLATED should only exist if PATH_INFO is defined. Apache 2 users may use AcceptPathInfo = On inside httpd.conf to define PATH_INFO.

'SCRIPT_NAME'

Contains the current script's path. This is useful for pages which need to point to themselves. The __FILE__ constant contains the full path and filename of the current (i.e. included) file.

'REQUEST_URI'

The URI which was given in order to access this page; for instance, '/index.html'.

'PHP_AUTH_DIGEST'

When running under Apache as module doing Digest HTTP authentication this variable is set to the 'Authorization' header sent by the client (which you should then use to make the appropriate validation).

'PHP_AUTH_USER'

When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the username provided by the user.

'PHP_AUTH_PW'

When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the password provided by the user.

'AUTH_TYPE'

When running under Apache as module doing HTTP authenticated this variable is set to the authentication type.

'PATH_INFO'

Contains any client-provided pathname information trailing the actual script filename but preceding the query string, if available. For instance, if the current script was accessed via the URL http://www.example.com/php/path_info.php/some/stuff?foo=bar, then $_SERVER['PATH_INFO'] would contain /some/stuff.

Changelog

Version	Description
4.1.0	Introduced `$_SERVER` that deprecated `$HTTP_SERVER_VARS`.

Examples

Example #1 $_SERVER example


<?php
echo $_SERVER['SERVER_NAME'];
?>

The above example will output something similar to:

www.example.com

Notes

Note: This is a 'superglobal', or automatic global, variable. This simply means that it is available in all scopes throughout a script. There is no need to do global $variable; to access it within functions or methods.


<?php



// RFC 2616 compatible Accept Language Parser

// http://www.ietf.org/rfc/rfc2616.txt, 14.4 Accept-Language, Page 104

// Hypertext Transfer Protocol -- HTTP/1.1



foreach (explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']) as $lang) {

    $pattern = '/^(?P<primarytag>[a-zA-Z]{2,8})'.

    '(?:-(?P<subtag>[a-zA-Z]{2,8}))?(?:(?:;q=)'.

    '(?P<quantifier>\d\.\d))?$/';



    $splits = array();



    printf("Lang:,,%s''\n", $lang);

    if (preg_match($pattern, $lang, $splits)) {

        print_r($splits);

    } else {

        echo "\nno match\n";

    }

}



?>



example output:



Google Chrome 3.0.195.27 Windows xp



Lang:,,de-DE''

Array

(

    [0] => de-DE

    [primarytag] => de

    [1] => de

    [subtag] => DE

    [2] => DE

)

Lang:,,de;q=0.8''

Array

(

    [0] => de;q=0.8

    [primarytag] => de

    [1] => de

    [subtag] => 

    [2] => 

    [quantifier] => 0.8

    [3] => 0.8

)

Lang:,,en-US;q=0.6''

Array

(

    [0] => en-US;q=0.6

    [primarytag] => en

    [1] => en

    [subtag] => US

    [2] => US

    [quantifier] => 0.6

    [3] => 0.6

)

Lang:,,en;q=0.4''

Array

(

    [0] => en;q=0.4

    [primarytag] => en

    [1] => en

    [subtag] => 

    [2] => 

    [quantifier] => 0.4

    [3] => 0.4

)

Lord Mac
15-Oct-2009 04:56


An even *more* improved version...



<?php

phpinfo(32);

?>

corrodedmonkee at gmail dot com
22-Sep-2009 06:16


Just an improved version of jeffwks table of $_SERVER variables, and will pick up future additions without modification.



<?php

    echo '<table border="1">';



    foreach($_SERVER as $k => $v) {

        echo '<tr><td>'.$k.'</td><td>'.$v.'</td></tr>';

    }

    echo '</table>';

?>

steve at sc-fa dot com
17-Sep-2009 09:20


If you are serving from behind a proxy server, you will almost certainly save time by looking at what these $_SERVER variables do on your machine behind the proxy.   



$_SERVER['HTTP_X_FORWARDED_FOR'] in place of $_SERVER['REMOTE_ADDR']



$_SERVER['HTTP_X_FORWARDED_HOST'] and 

$_SERVER['HTTP_X_FORWARDED_SERVER'] in place of (at least in our case,) $_SERVER['SERVER_NAME']

cupy at email dot cz
20-Aug-2009 05:24


Tech note:

$_SERVER['argc'] and $_SERVER['argv'][] has some funny behaviour,

used from linux (bash) commandline, when called like 

"php ./script_name.php 0x020B" 

there is everything correct, but 

"./script_name.php 0x020B"

is not correct - "0" is passed instead of "0x020B" as $_SERVER['argv'][1] - see the script below.

Looks like the parameter is not passed well from bash to PHP.

(but, inspected on the level of bash, 0x020B is understood well as $1)



try this example:



------------->8------------------

cat ./script_name.php

#! /usr/bin/php



if( $_SERVER['argc'] == 2)

  {

    // funny... we have to do this trick to pass e.g. 0x020B from parameters

    // ignore this: "PHP Notice:  Undefined offset:  2 in ..."

    $EID = $_SERVER['argv'][1] + $_SERVER['argv'][2] + $_SERVER['argv'][3];

  }

 else

   {        // default

     $EID = 0x0210; // PPS failure

   }

jarrod at squarecrow dot com
11-Aug-2009 05:31


$_SERVER['DOCUMENT_ROOT'] is incredibly useful especially when working in your development environment. If you're working on large projects you'll likely be including a large number of files into your pages. For example:





<?php


//Defines constants to use for "include" URLS - helps keep our paths clean





        define("REGISTRY_CLASSES",  $_SERVER['DOCUMENT_ROOT']."/SOAP/classes/");


        define("REGISTRY_CONTROLS", $_SERVER['DOCUMENT_ROOT']."/SOAP/controls/");





        define("STRING_BUILDER",     REGISTRY_CLASSES. "stringbuilder.php");


        define("SESSION_MANAGER",     REGISTRY_CLASSES. "sessionmanager.php");


        define("STANDARD_CONTROLS",    REGISTRY_CONTROLS."standardcontrols.php");


?>





In development environments, you're rarely working with your root folder, especially if you're running PHP locally on your box and using DOCUMENT_ROOT is a great way to maintain URL conformity. This will save you hours of work preparing your application for deployment from your box to a production server (not to mention save you the headache of include path failures).

Richard York
09-Jul-2009 08:19


Not documented here is the fact that $_SERVER is populated with some pretty useful information when accessing PHP via the shell.



 ["_SERVER"]=>

  array(24) {

    ["MANPATH"]=>

    string(48) "/usr/share/man:/usr/local/share/man:/usr/X11/man"

    ["TERM"]=>

    string(11) "xterm-color"

    ["SHELL"]=>

    string(9) "/bin/bash"

    ["SSH_CLIENT"]=>

    string(20) "127.0.0.1 41242 22"

    ["OLDPWD"]=>

    string(60) "/Library/WebServer/Domains/www.example.com/private"

    ["SSH_TTY"]=>

    string(12) "/dev/ttys000"

    ["USER"]=>

    string(5) "username"

    ["MAIL"]=>

    string(15) "/var/mail/username"

    ["PATH"]=>

    string(57) "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin"

    ["PWD"]=>

    string(56) "/Library/WebServer/Domains/www.example.com/www"

    ["SHLVL"]=>

    string(1) "1"

    ["HOME"]=>

    string(12) "/Users/username"

    ["LOGNAME"]=>

    string(5) "username"

    ["SSH_CONNECTION"]=>

    string(31) "127.0.0.1 41242 10.0.0.1 22"

    ["_"]=>

    string(12) "/usr/bin/php"

    ["__CF_USER_TEXT_ENCODING"]=>

    string(9) "0x1F5:0:0"

    ["PHP_SELF"]=>

    string(10) "Shell.php"

    ["SCRIPT_NAME"]=>

    string(10) "Shell.php"

    ["SCRIPT_FILENAME"]=>

    string(10) "Shell.php"

    ["PATH_TRANSLATED"]=>

    string(10) "Shell.php"

    ["DOCUMENT_ROOT"]=>

    string(0) ""

    ["REQUEST_TIME"]=>

    int(1247162183)

    ["argv"]=>

    array(1) {

      [0]=>

      string(10) "Shell.php"

    }

    ["argc"]=>

    int(1)

  }

chris
03-Jul-2009 01:01


A table of everything in the $_SERVER array can be found near the bottom of the output of phpinfo();

Myrddin
26-May-2009 08:00


To extend a bit on the table posted by jeffwk. You can use this piece of code to print all $_SERVER variables in a table with some mouse over effects to increase readability.



<?php

echo '<table style="border-collapse: collapse;">';

foreach ($_SERVER as $key => $val)

    echo '<tr onMouseOver="this.style.backgroundColor=\'AAAABB\';" onMouseOut="this.style.backgroundColor=\'transparent\';"><td style="font-weight: bold; border-right: 2px solid #000000;">'.$key.'</td><td style="width: 100%;">'.(is_array($val)?nl2br(print_r($val,true)):$val).'</td></tr>';

echo '</table>';

?>

jeffwk
24-May-2009 01:43


Hi I made a table with all the $_SERVER['***'] calls listed here as per 24/05/09 - I needed some answers so I figured someone else may too.  Copy the following code in a .php file and run it on your server.

-------------------------------------------

<?php

echo "<table border=\"1\">";

echo "<tr><td>" .$_SERVER['argv'] ."</td><td>argv</td></tr>";

echo "<tr><td>" .$_SERVER['argc'] ."</td><td>argc</td></tr>";

echo "<tr><td>" .$_SERVER['GATEWAY_INTERFACE'] ."</td><td>GATEWAY_INTERFACE</td></tr>";

echo "<tr><td>" .$_SERVER['SERVER_ADDR'] ."</td><td>SERVER_ADDR</td></tr>";

echo "<tr><td>" .$_SERVER['SERVER_NAME'] ."</td><td>SERVER_NAME</td></tr>";

echo "<tr><td>" .$_SERVER['SERVER_SOFTWARE'] ."</td><td>SERVER_SOFTWARE</td></tr>";

echo "<tr><td>" .$_SERVER['SERVER_PROTOCOL'] ."</td><td>SERVER_PROTOCOL</td></tr>";

echo "<tr><td>" .$_SERVER['REQUEST_METHOD'] ."</td><td>REQUEST_METHOD</td></tr>";

echo "<tr><td>" .$_SERVER['REQUEST_TIME'] ."</td><td>REQUEST_TIME</td></tr>";

echo "<tr><td>" .$_SERVER['QUERY_STRING'] ."</td><td>QUERY_STRING</td></tr>";

echo "<tr><td>" .$_SERVER['DOCUMENT_ROOT'] ."</td><td>DOCUMENT_ROOT</td></tr>";

echo "<tr><td>" .$_SERVER['HTTP_ACCEPT'] ."</td><td>HTTP_ACCEPT</td></tr>";

echo "<tr><td>" .$_SERVER['HTTP_ACCEPT_CHARSET'] ."</td><td>HTTP_ACCEPT_CHARSET</td></tr>";

echo "<tr><td>" .$_SERVER['HTTP_ACCEPT_ENCODING'] ."</td><td>HTTP_ACCEPT_ENCODING</td></tr>";

echo "<tr><td>" .$_SERVER['HTTP_ACCEPT_LANGUAGE'] ."</td><td>HTTP_ACCEPT_LANGUAGE</td></tr>";

echo "<tr><td>" .$_SERVER['HTTP_CONNECTION'] ."</td><td>HTTP_CONNECTION</td></tr>";

echo "<tr><td>" .$_SERVER['HTTP_HOST'] ."</td><td>HTTP_HOST</td></tr>";

echo "<tr><td>" .$_SERVER['HTTP_REFERER'] ."</td><td>HTTP_REFERER</td></tr>";

echo "<tr><td>" .$_SERVER['HTTP_USER_AGENT'] ."</td><td>HTTP_USER_AGENT</td></tr>";

echo "<tr><td>" .$_SERVER['HTTPS'] ."</td><td>HTTPS</td></tr>";

echo "<tr><td>" .$_SERVER['REMOTE_ADDR'] ."</td><td>REMOTE_ADDR</td></tr>";

echo "<tr><td>" .$_SERVER['REMOTE_HOST'] ."</td><td>REMOTE_HOST</td></tr>";

echo "<tr><td>" .$_SERVER['REMOTE_PORT'] ."</td><td>REMOTE_PORT</td></tr>";

echo "<tr><td>" .$_SERVER['SCRIPT_FILENAME'] ."</td><td>SCRIPT_FILENAME</td></tr>";

echo "<tr><td>" .$_SERVER['SERVER_ADMIN'] ."</td><td>SERVER_ADMIN</td></tr>";

echo "<tr><td>" .$_SERVER['SERVER_PORT'] ."</td><td>SERVER_PORT</td></tr>";

echo "<tr><td>" .$_SERVER['SERVER_SIGNATURE'] ."</td><td>SERVER_SIGNATURE</td></tr>";

echo "<tr><td>" .$_SERVER['PATH_TRANSLATED'] ."</td><td>PATH_TRANSLATED</td></tr>";

echo "<tr><td>" .$_SERVER['SCRIPT_NAME'] ."</td><td>SCRIPT_NAME</td></tr>";

echo "<tr><td>" .$_SERVER['REQUEST_URI'] ."</td><td>REQUEST_URI</td></tr>";

echo "<tr><td>" .$_SERVER['PHP_AUTH_DIGEST'] ."</td><td>PHP_AUTH_DIGEST</td></tr>";

echo "<tr><td>" .$_SERVER['PHP_AUTH_USER'] ."</td><td>PHP_AUTH_USER</td></tr>";

echo "<tr><td>" .$_SERVER['PHP_AUTH_PW'] ."</td><td>PHP_AUTH_PW</td></tr>";

echo "<tr><td>" .$_SERVER['AUTH_TYPE'] ."</td><td>AUTH_TYPE</td></tr>";

echo "</table>"

?>



---------------------------------------------------------------

pudding06 at gmail dot com
02-May-2009 11:44


Here's a simple, quick but effective way to block unwanted external visitors to your local server:





<?php


// only local requests


if ($_SERVER['REMOTE_ADDR'] !== '127.0.0.1') die(header("Location: /"));


?>





This will direct all external traffic to your home page. Of course you could send a 404 or other custom error. Best practice is not to stay on the page with a custom error message as you acknowledge that the page does exist. That's why I redirect unwanted calls to (for example) phpmyadmin.

dragon[dot]dionysius[at]gmail[dot]com
29-Apr-2009 07:53


I've updated the function of my previous poster and putted it into my class.



<?php

    /**

     * Checking HTTP-Header for language

     * needed for various system classes

     * 

     * @return    boolean    true/false 

     */

    private function _checkClientLanguage()

    {    

        $langcode = (!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';

        $langcode = (!empty($langcode)) ? explode(";", $langcode) : $langcode;

        $langcode = (!empty($langcode['0'])) ? explode(",", $langcode['0']) : $langcode;

        $langcode = (!empty($langcode['0'])) ? explode("-", $langcode['0']) : $langcode;

        return $langcode['0'];

    }

?>



Please note, you have to check additional the result! Because the header may be missing or another possible thing, it is malformed. So check the result with a list with languages you support and perhaps you have to load a default language.



<?php



// if result isn't one of my defined languages

            if(!in_array($lang, $language_list)) {

                $lang = $language_default; // load default



?>



My HTTP_ACCEPT_LANGUAGE string:

FF3: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 

IE7: de-ch



So, take care of it!

dalys at chokladboll dot se
15-Apr-2009 11:03


If you want en, sv-SE, da, es etc. to be returned from $_SERVER['HTTP_ACCEPT_LANGUAGE'] you can use this function:



<?php

function detectlanguage() {

    $langcode = explode(";", $_SERVER['HTTP_ACCEPT_LANGUAGE']);

    $langcode = explode(",", $langcode['0']);

    return $langcode['0'];

    }



$language = detectlanguage();



echo "You have chosen $language as your language in your web browser.";

?>

Vladimir Kornea
14-Mar-2009 02:06


1. All elements of the $_SERVER array whose keys begin with 'HTTP_' come from HTTP request headers and are not to be trusted.



2. All HTTP headers sent to the script are made available through the $_SERVER array, with names prefixed by 'HTTP_'.



3. $_SERVER['PHP_SELF'] is dangerous if misused. If login.php/nearly_arbitrary_string is requested, $_SERVER['PHP_SELF'] will contain not just login.php, but the entire login.php/nearly_arbitrary_string. If you've printed $_SERVER['PHP_SELF'] as the value of the action attribute of your form tag without performing HTML encoding, an attacker can perform XSS attacks by offering users a link to your site such as this:



<a href='http://www.example.com/login.php/"><script type="text/javascript">...</script><span a="'>Example.com</a>



The javascript block would define an event handler function and bind it to the form's submit event. This event handler would load via an <img> tag an external file, with the submitted username and password as parameters.



Use $_SERVER['SCRIPT_NAME'] instead of $_SERVER['PHP_SELF']. HTML encode every string sent to the browser that should not be interpreted as HTML, unless you are absolutely certain that it cannot contain anything that the browser can interpret as HTML.

info at mtprod dot com
23-Jan-2009 11:13


On Windows IIS 7 you must use $_SERVER['LOCAL_ADDR'] rather than $_SERVER['SERVER_ADDR'] to get the server's IP address.

jonbarnett at gmail dot com
24-Nov-2008 06:13


It's worth noting that $_SERVER variables get created for any HTTP request headers, including those you might invent:



If the browser sends an HTTP request header of:

X-Debug-Custom: some string



Then:



<?php

$_SERVER['HTTP_X_DEBUG_CUSTOM']; // "some string"

?>



There are better ways to identify the HTTP request headers sent by the browser, but this is convenient if you know what to expect from, for example, an AJAX script with custom headers.



Works in PHP5 on Apache with mod_php.  Don't know if this is true from other environments.

jette at nerdgirl dot dk
01-Nov-2008 08:43


Windows running IIS v6 does not include $_SERVER['SERVER_ADDR']



If you need to get the IP addresse, use this instead:



<?php

$ipAddress = gethostbyname($_SERVER['SERVER_NAME']);

?>

geoffrey dot hoffman at gmail dot com
26-Oct-2008 02:13


If you are looking at $_SERVER['HTTP_USER_AGENT'] to determine whether your user is on a mobile device, you may want to visit these resources:



http://wurfl.sourceforge.net/



http://www.zytrax.com/tech/web/mobile_ids.html

Thomas Urban
22-Oct-2008 10:19


Maybe you're missing information on $_SERVER['CONTENT_TYPE'] or $_SERVER['CONTENT_LENGTH'] as I did. On POST-requests these are available in addition to those listed above.

Taomyn
12-Oct-2008 04:21


'HTTPS'

    Set to a non-empty value if the script was queried through the HTTPS protocol. Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol. 



Does the same for IIS7 running PHP as a Fast-CGI application.

Tonin
16-Sep-2008 07:43


When using the $_SERVER['SERVER_NAME'] variable in an apache virtual host setup with a ServerAlias directive, be sure to check the UseCanonicalName apache directive.  If it is On, this variable will always have the apache ServerName value.  If it is Off, it will have the value given by the headers sent by the browser.



Depending on what you want to do the content of this variable, put in On or Off.

Andrew B
09-Sep-2008 01:26


Please note on Windows/IIS - the variable 'USER_AUTH' will return the username/identity of the user accessing the page, i.e. if anonymous access is off, you would normally get back "$domain\$username".

jeff at example dot com
12-Aug-2008 08:24


Note that, in Apache 2, the server settings will affect the variables available in $_SERVER. For example, if you are using SSL, the following directive will dump SSL-related status information, along with the server certificate and client certificate (if present) into the $_SERVER variables:



SSLOptions +StdEnvVars +ExportCertData

silverquick at gmail dot com
06-Aug-2008 02:55


I think the HTTPS element will only be present under Apache 2.x. It's not in the list of "special" variables here:

http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html#RewriteCond

But it is here:

http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond

danny at orionrobots dot co dot uk
31-Jul-2008 11:25


It is worth noting here that if you use $_SERVER['REQUEST_URI'] with a rewrite rule, the original, not rewritten URI will be presented.

emailfire at gmail dot com
26-May-2008 04:49


REQUEST_URI is useful, but if you want to get just the file name use:



<?php

$this_page = basename($_SERVER['REQUEST_URI']);

if (strpos($this_page, "?") !== false) $this_page = reset(explode("?", $this_page));

?>

add a note

$_GET

$GLOBALS