PHP Free Tutorial

Superglobal Arrays in PHP

In PHP, Programming by Baqir Ali

What is Superglobal Array?

The PHP Superglobals are a handful of arrays that provide to a PHP script global access to data originating externally. Whereas PHP scripts contain variables that are local to that script and functions may have variables that are only accessible within that function therefore the PHP Superglobals represent data coming from URLs, HTML forms, cookies, sessions, and the Web server itself.

$HTTP_GET_VARS, $HTTP_POST_VARS, etc., served these same purposes but the PHP superglobal variables are better in that they can also be accessed within any functions (i.e., they have global scope).

Superglobal Arrays in PHP

  • $_GET – variables passed into a page on the query string.
  • $_POST – variables passed into a page through a form using the post method.
  • $_SERVER – server environment variables e.g,$_SERVER[‘HTTP_REFERER’] returns the URL of the referring page).
  • $_COOKIE – cookie variables.
  • $_FILES – variables containing information about uploaded files.
  • $_ENV – PHP environment variables (e.g, $_ENV[‘HTTP_HOST’] returns the name of the host server. (see footnote)
  • $_REQUEST – variables passed into a page through forms, the query string and cookies.
  • $_SESSION – session variables.

  • $_GET The $_GET Superglobal represents data sent to  the PHP script in a URL. This applies both to directly accessed     URLs                         (e.g., http://www.example.com/page.php?id=2) and form submissions that use the GET method.
  • $_POST The $_POST Superglobal are used to send data to the PHP script via HTTP POST. This is normally a form with a method of POST.
  • $_COOKIE The $_COOKIE Superglobal represents data available to a PHP script via HTTP cookies.
  • $_REQUEST The $_REQUEST Superglobal is a combination  of $_GET, $_POST, and $_COOKIE.
  • $_SESSION The $_SESSION Superglobal represents data available to a PHP script that has previously been stored in a session.
  • $_SERVER The $_SERVER Superglobal represents data available to a PHP script from the Web server itself. Common uses of $_SERVER is to refer to the current PHP script ($_SERVER[‘PHP_SELF’]), the path on the server to that script, the hostname, and so on.
  • $_ENV The $_ENV Superglobal represents data available to a PHP script from the environment in which PHP is running.
  • $_FILES The $_FILES Superglobal represents data available to a PHP script from HTTP POST file uploads. Using $_FILES is the currently preferred way to handle uploaded files in PHP.

Another PHP Superglobal, called $GLOBALS, stores every variable with global scope, which includes the above. Unlike the other Superglobals, $GLOBALS has been around since PHP 3.

Security Considerations

One key aspect of Web application security is referring to variables with precision, which is why relying upon register_globals is bad. For the same reason, one should not use $_REQUEST as it is less exact, and therefore less secure, than explicitly referring to $_GET, $_POST, or $_COOKIE. Furthermore, the order in which the GET, POST, and COOKIE data is loaded into the $_REQUEST array is dictated by PHP’s variables_orders configuration, so the same reference to $_REQUEST in a PHP script could behave differently on different servers.

For more info please refer to https://www.php.net/docs.php

Support us by sharing this post