TalkPHP - View Single Post - $_SERVER['REQUEST_URI'] ... Server or header generated?

drewbee · 05-09-2008, 07:29 PM

Hello all,

I use a database instead of sessions to keep information about a user. One of my columns tracks the current page that the user is on, and it is simply an update to the table setting the value with $_SERVER['REQUEST_URI']. I have been seeing some strange urls in there lately, IE Welcome to Intel.

I thought request uri was generated by the server, and pays no attention to the given header information.

One of two things are happening here:
1) I have a breach in my code somewhere, which I don't see how is possible since this code never touches user input.
2) request_uri is sent by the header and is being modified.

Does anyone have any information or tips about this?

05-09-2008, 07:29 PM	#1 (permalink)
drewbee The Acquainted Join Date: May 2008 Posts: 175 Thanks: 9	$_SERVER['REQUEST_URI'] ... Server or header generated? Hello all, I use a database instead of sessions to keep information about a user. One of my columns tracks the current page that the user is on, and it is simply an update to the table setting the value with $_SERVER['REQUEST_URI']. I have been seeing some strange urls in there lately, IE Welcome to Intel. I thought request uri was generated by the server, and pays no attention to the given header information. One of two things are happening here: 1) I have a breach in my code somewhere, which I don't see how is possible since this code never touches user input. 2) request_uri is sent by the header and is being modified. Does anyone have any information or tips about this?