This is a tutorial on how to get the full HTTP URL of the current web page using PHP. To do this, we will create a custom function that pieces together some of the server information that is available in the $_SERVER superglobals array.
Take a look at the following PHP function:
/**
* Get the HTTP(S) URL of the current page.
*
* @param $server The $_SERVER superglobals array.
* @return string The URL.
*/
function currentUrl($server){
//Figure out whether we are using http or https.
$http = 'http';
//If HTTPS is present in our $_SERVER array, the URL should
//start with https:// instead of http://
if(isset($server['HTTPS'])){
$http = 'https';
}
//Get the HTTP_HOST.
$host = $server['HTTP_HOST'];
//Get the REQUEST_URI. i.e. The Uniform Resource Identifier.
$requestUri = $server['REQUEST_URI'];
//Finally, construct the full URL.
//Use the function htmlentities to prevent XSS attacks.
return $http . '://' . htmlentities($host) . '/' . htmlentities($requestUri);
}
$url = currentUrl($_SERVER);
echo $url;
To construct the URL, we use three different variables.
- We check to see if HTTPS exists. If “HTTPS” does exist in the $_SERVER array, then we assume that the site is using SSL and that the URL should start with HTTPS instead of HTTP.
- Next, we get the HTTP_HOST. This will give us the current domain name and/or sub-domain.
- Finally, we get the REQUEST_URI. This provides us with the file (and folder path) of the web page that is being requested. Note that any query string / GET parameters will also be included in this.
You may have noticed the fact that I used the PHP function htmlentities on both HTTP_HOST and REQUEST_URI. This is to prevent XSS attacks, as both variables can be modified by the client. By using htmlentities, we can guard against the possibility of a malicious attacker injecting JavaScript code into these variables.
Hopefully, my readers will find the function above to be useful.