Grumpy
Reputation: 1478
How to set custom $_SERVER variables from client in PHP
According to this post: Which $_SERVER variables are safe? and another I've seen, a client seems to be able to set custom $_SERVER variables. For example: $_SERVER['HTTP_EXAMPLE']
How would a client actually set a value to $_SERVER['HTTP_EXAMPLE']?
Upvotes: 13
Views: 32186
Answers (2)
Asta
Reputation: 1579
You can just set the variable in your script if you want
$_SERVER['DOCUMENT_ROOT'] = 'test';
echo $_SERVER['DOCUMENT_ROOT']; // test
What that other article is really referring to spoofed variables such as the REMOTE_ADDR which is reported by the client.
For more info on that check out this post on faking the REMOTE_ADDR. How to fake $_SERVER['REMOTE_ADDR'] variable?
Upvotes: 7
Related Questions
- How are $_SERVER variables sent from browser to server PHP
- PHP: define own server variable
- $_SERVER question?
- Working with PHP $_SERVER['SERVER_ADDR'] variable when used in command line script
- Can I create a server php variable?
- Setting a DYNAMIC Php $_SERVER value ($_SERVER['something']) using Apache .htaccess
- PHP Server-local Variable?
- PHP $_SERVER variables
- Can $_SERVER variables in PHP be changed by the user? If so how?
- Setting a Php $_SERVER value ($_SERVER['something']) using Apache .htaccess