Home/ Questions/Q 7714109
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T02:02:36+00:00

Is it possible for a client to modify PHP superglobal variables, especially $_SERVER, somehow

  • 0

Is it possible for a client to modify PHP superglobal variables, especially $_SERVER, somehow – maybe not in a common way?

In other words, is this code secure:

if (($this->error->getCode()) == '404') {
   ob_clean();
   echo @file_get_contents("http://".$_SERVER['SERVER_NAME'].'/404.html');
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This code is fine – SERVER_NAME can’t be modified. The ones to be careful with are $_SERVER['PHP_SELF'] or $_SERVER['REQUEST_URI'], as a user could add some js to the address bar – if these are written out to the screen they should be carefully escaped.

    Your code is fine though.

    • 0