You need $_SERVER['REQUEST_URI'] instead of $_SERVER['SCRIPT_NAME'], cos $_SERVER['SCRIPT_NAME'] will always give you the file which is working at the moment.
From manual:
SCRIPT_NAME: Contains the current script's path. This is useful for pages which need to point to themselves. The __FILE__ constant contains the full path and filename of the current (i.e. included) file. .
I suppose this helps you getting current URL fully.
echo 'http://'. $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
Notice: DO NOT RELY ON CLIENT'S HTTP_HOST, USE SERVER_NAME INSTEAD! SEE: What is the difference between HTTP_HOST and SERVER_NAME in PHP?
Security Warning
You need to filter (sanitize) $_SERVER['REQUEST_URI'] if you use it in anywhere (to print or store in database), cos it's not safe.
// ie: this could be harmfull
/user?id=123%00%27<script...
Hence, always filter user inputs before using them. At least use htmlspecialchars, htmlentities, strip_tags etc..
Or something like this;
function get_current_url($strip = true) {
// static sanitizer, 'cos function could be called many times
static $filter; if ($filter == null) {
$filter = function($input) use($strip) {
$input = trim($input);
if ($input == '/') {
return $input;
}
// add more chars if needed
$input = str_ireplace(["\0", '%00', "\x0a", '%0a', "\x1a", '%1a'], '',
rawurldecode($input));
// remove markup stuff
if ($strip) {
$input = strip_tags($input);
}
// or any encoding you use instead of utf-8
$input = htmlspecialchars($input, ENT_QUOTES, 'utf-8');
return $input;
};
$scheme = isset($_SERVER['REQUEST_SCHEME']) ? $_SERVER['REQUEST_SCHEME']
: ('http'. (($_SERVER['SERVER_PORT'] == '443') ? 's' : ''));
$host = $_SERVER['SERVER_NAME'];
$port = ($_SERVER['SERVER_PORT'] != '80' && $scheme != 'https')
? (':'. $_SERVER['SERVER_PORT']) : '';
}
}
return sprintf('%s://%s%s%s', $scheme, $host, $port, $filter($_SERVER['REQUEST_URI']));
}
