I would like to read a url. www.domain.com?cookie=set&redirect=yes
Now I want to use $ _SERVER['REQUEST_URI'] but this does not work with strip_tags and htmlspecialchars.
Also many I read that you should watch for XSS.
Does anyone know how to save a URL can be used by GET?
$url = "http://'.$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI];
$url = strip_tags($url);//doesnt work
$url = htmlspecialchars($url);//doesnt work
Thanks!
Edit to (doesnt work):
$url = "http://".$_SERVER[HTTP_HOST]."".$_SERVER[REQUEST_URI];
$url = strip_tags($url);
echo $url;
for example www.domain.com?cookie=set&redirect=yes
output => index.php?cookie=se%3Cscript%3Et&re%3Cb%3Ed%3C/b%3Eirect=yes
This line
$url = "http://'.$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI];
Needs to be either
$url = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
or
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
The way you are currently doing it will not concatenate the data correctly.
Issues with the your line:
" to open and ' to close$_SERVER params e.g $_SERVER['PARAM']$_SERVER vars with anything so you'll get a syntax error