Posted by Richard Davey on 10/04/35 11:23

Hello Joe,

Monday, August 8, 2005, 6:40:37 PM, you wrote:

JS> Is this potentially bad, security wise, to do something like this?
JS> Can you guys recommend any way to tighten this up a bit or do this
JS> sort of thing better/more eloquently?

$_SERVER is, thankfully, _mostly_ populated by the web server, not the
client. HTTP_HOST certainly falls into this category. The only thing
you probably shouldn't do is rely on it always being there, so have
some catch-all set of headers / css if it's not set (mind you, if that
happens you've got a bigger problem on your hands! but it'd stop your
site breaking).

JS> <?
JS> $Host1 = array ('name1.host.com');
JS> if (in_array ($_SERVER['HTTP_HOST'], $Host1))
JS> {
JS> $HeaderImg = "/headers/name1_header.gif"; // define graphic
JS> $SiteCSS = "/css/name1_css.css"; // define css
JS> }

Why are you creating lots of arrays and then using in_array to check
them? Just seems a little pointless in this instance as it gives you
no real benefit - comparing a one element array against a variable is
just... well.. comparing a variable with a variable! So why not do
that? Perhaps a switch block would serve your needs better?

switch ($_SERVER['HTTP_HOST'])
{
case 'name1.host.com':
$header = ..
break;
}

etc - then you can combine multiple hosts into one section and have a
default set at the bottom.

Best regards,

Richard Davey
--
http://www.launchcode.co.uk - PHP Development Services
Zend Certified Engineer
"I do not fear computers. I fear the lack of them." - Isaac Asimov

[Back to original message]