1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 8:10 am May 22, 2026

Forum Moderators: coopster

Message Too Old, No Replies

$_SERVER['HTTP_REFERER'] strange behavior.

Different results referring from the same page

         

nickknowledge

11:49 pm on Mar 3, 2005 (gmt 0)

10+ Year Member



I'm having trouble with referring a page across my site.

My php uses a switch statement to see which action to use (if any): 


if(!empty($action_get)) {
switch ($action_get) {
case 'student_unassign':
 header('Location: ' . ERROR_FILE . '?error_id=2');
exit;
break;
default:
 header('Location: ' . ERROR_FILE . '?error_id=2');
exit;
break;
}
}

These two cases produce different results on the error.php page (defined as a constant for ERROR_FILE)

I split out the referer array: 


$ref = $_SERVER['HTTP_REFERER'];
$ref_arr = explode("/", $ref);
$ref_count = count($ref_arr);
$ref_url = $ref_arr[$ref_count-1];

and use 

$ref_url
to display the referring page. 

case 'student_unassign':

correctly displays where it's from (students.php) 

default:

all the values are blank.

Any idea what is causing this / how to fix it?
Effectively I'm trying to positively validate the $action_get variable, and if it's not 'student_unassign', then redirect to the error.php page, creating a link for the user to return to the correct ("students.php") page.

Thanks,

Nick.

nickknowledge

1:36 am on Mar 4, 2005 (gmt 0)

10+ Year Member



Update:

If I create a link on this page which has an incorrect action (e.g. 

students.php?action=test
), then it goes to the error page correctly.

What I'm trying to handle is if someone copies an existing URL off the page, and pastes it into their browser, trying to change the action:

e.g. from 

students.php?action=student_unassign
to 
students.php?action=student_delete

of course, the deletes and updates are a lot more rigorously tested (including user level etc.) than this, but I want to be able to handle the errors gracefully.

coopster

2:18 am on Mar 4, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld, nickknowledge.

Before anything else, are you aware that http_referer is not always there [webmasterworld.com]?

nickknowledge

2:35 am on Mar 4, 2005 (gmt 0)

10+ Year Member



Thanks Coopster.

I had read that REFERER isn't always there. My puzzlement is that it's there in one case, and not in another.

Doing some more investigation, if I have a link embedded in the page (e.g. 

<a href="http://localhost/education/students.php?action=test>Test</a>
), then REFERER is present.

If I paste the same URL directly into the browser, REFERER isn't present.

In the cases where it's not there, my error.php script defaults to providing a link back to index.php.

It's unlikely that a user will copy the link and hack it, and I positively validate the $action_get variable using a switch statement, but this problem has been nagging me for a few hours.

Thanks,

Nick.

coopster

2:06 pm on Mar 4, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member




If I paste the same URL directly into the browser, REFERER isn't present.

Bingo. That's the nature of the HTTP_REFERER [faqts.com] beast.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 8:10 am May 22, 2026