PHP’s Superglobal Variables
PHP offers a number of useful predefined variables, which are accessible from anywhere
within the executing script and provide you with a substantial amount of environment-specific
information. You can sift through these variables to retrieve details about the current user
session, the user’s operating environment, the local operating environment, and more. PHP
creates some of the variables, while the availability and value of many of the other variables are
specific to the operating system and Web server. Therefore, rather than attempt to assemble a
comprehensive list of all possible predefined variables and their possible values, the following
code will output all predefined variables pertinent to any given Web server and the script’s
execution environment:
foreach ($_SERVER as $var => $value) {
echo "$var => $value <br />";
}
This returns a list of variables similar to the following. Take a moment to peruse the listing
produced by this code as executed on a Windows server. You’ll see some of these variables
again in the examples that follow.
HTTP_ACCEPT => */*
HTTP_ACCEPT_LANGUAGE => en-us
HTTP_ACCEPT_ENCODING => gzip, deflate
HTTP_USER_AGENT => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)
HTTP_HOST => localhost
HTTP_CONNECTION => Keep-Alive
PATH => C:\Perl\bin\;C:\WINDOWS\system32;C:\WINDOWS;
SystemRoot => C:\WINDOWS
COMSPEC => C:\WINDOWS\system32\cmd.exe
PATHEXT => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
64 CHAPTER 3 ■ PHP BASICS
WINDIR => C:\WINDOWS
SERVER_SIGNATURE => Apache/2.0.54 (Win32) PHP/5.1.b2 Server at localhost Port 80
SERVER_SOFTWARE => Apache/2.0.54 (Win32) PHP/5.1.0b2
SERVER_NAME => localhost
SERVER_ADDR => 127.0.0.1
SERVER_PORT => 80
REMOTE_ADDR => 127.0.0.1
DOCUMENT_ROOT => C:/Apache2/htdocs
SERVER_ADMIN => wj@wjgilmore.com
SCRIPT_FILENAME => C:/Apache2/htdocs/pmnp/3/globals.php
REMOTE_PORT => 1393
GATEWAY_INTERFACE => CGI/1.1
SERVER_PROTOCOL => HTTP/1.1
REQUEST_METHOD => GET
QUERY_STRING =>
REQUEST_URI => /pmnp/3/globals.php
SCRIPT_NAME => /pmnp/3/globals.php
PHP_SELF => /pmnp/3/globals.php
As you can see, quite a bit of information is available—some useful, some not so useful.
You can display just one of these variables simply by treating it as a regular variable. For example,
use this to display the user’s IP address:
print "Hi! Your IP address is: $_SERVER['REMOTE_ADDR']";
This returns a numerical IP address, such as 192.0.34.166.
You can also gain information regarding the user’s browser and operating system.
Consider the following one-liner:
print "Your browser is: $_SERVER['HTTP_USER_AGENT']";
This returns information similar to the following:
Your browser is: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)
This example illustrates only one of PHP’s nine predefined variable arrays. The rest of this
section is devoted to introducing the purpose and contents of each.
■Note To use the predefined variable arrays, the configuration parameter track_vars must be enabled
in the php.ini file. As of PHP 4.03, track_vars is always enabled.
within the executing script and provide you with a substantial amount of environment-specific
information. You can sift through these variables to retrieve details about the current user
session, the user’s operating environment, the local operating environment, and more. PHP
creates some of the variables, while the availability and value of many of the other variables are
specific to the operating system and Web server. Therefore, rather than attempt to assemble a
comprehensive list of all possible predefined variables and their possible values, the following
code will output all predefined variables pertinent to any given Web server and the script’s
execution environment:
foreach ($_SERVER as $var => $value) {
echo "$var => $value <br />";
}
This returns a list of variables similar to the following. Take a moment to peruse the listing
produced by this code as executed on a Windows server. You’ll see some of these variables
again in the examples that follow.
HTTP_ACCEPT => */*
HTTP_ACCEPT_LANGUAGE => en-us
HTTP_ACCEPT_ENCODING => gzip, deflate
HTTP_USER_AGENT => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)
HTTP_HOST => localhost
HTTP_CONNECTION => Keep-Alive
PATH => C:\Perl\bin\;C:\WINDOWS\system32;C:\WINDOWS;
SystemRoot => C:\WINDOWS
COMSPEC => C:\WINDOWS\system32\cmd.exe
PATHEXT => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
64 CHAPTER 3 ■ PHP BASICS
WINDIR => C:\WINDOWS
SERVER_SIGNATURE => Apache/2.0.54 (Win32) PHP/5.1.b2 Server at localhost Port 80
SERVER_SOFTWARE => Apache/2.0.54 (Win32) PHP/5.1.0b2
SERVER_NAME => localhost
SERVER_ADDR => 127.0.0.1
SERVER_PORT => 80
REMOTE_ADDR => 127.0.0.1
DOCUMENT_ROOT => C:/Apache2/htdocs
SERVER_ADMIN => wj@wjgilmore.com
SCRIPT_FILENAME => C:/Apache2/htdocs/pmnp/3/globals.php
REMOTE_PORT => 1393
GATEWAY_INTERFACE => CGI/1.1
SERVER_PROTOCOL => HTTP/1.1
REQUEST_METHOD => GET
QUERY_STRING =>
REQUEST_URI => /pmnp/3/globals.php
SCRIPT_NAME => /pmnp/3/globals.php
PHP_SELF => /pmnp/3/globals.php
As you can see, quite a bit of information is available—some useful, some not so useful.
You can display just one of these variables simply by treating it as a regular variable. For example,
use this to display the user’s IP address:
print "Hi! Your IP address is: $_SERVER['REMOTE_ADDR']";
This returns a numerical IP address, such as 192.0.34.166.
You can also gain information regarding the user’s browser and operating system.
Consider the following one-liner:
print "Your browser is: $_SERVER['HTTP_USER_AGENT']";
This returns information similar to the following:
Your browser is: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)
This example illustrates only one of PHP’s nine predefined variable arrays. The rest of this
section is devoted to introducing the purpose and contents of each.
■Note To use the predefined variable arrays, the configuration parameter track_vars must be enabled
in the php.ini file. As of PHP 4.03, track_vars is always enabled.
$_SERVER
The $_SERVER superglobal contains information created by the Web server, and offers a bevy of
information regarding the server and client configuration and the current request environment.
Although the value and number of variables found in $_SERVER varies by server, you can typically
expect to find those defined in the CGI 1.1 specification (available at the National Center for
Supercomputing Applications, at http://hoohoo.ncsa.uiuc.edu/cgi/env.html). You’ll likely
find all of these variables to be quite useful in your applications, some of which include:
• $_SERVER['HTTP_REFERER']: The URL of the page that referred the user to the current
location.
• $_SERVER['REMOTE_ADDR']: The client’s IP address.
• $_SERVER['REQUEST_URI']: The path component of the URL. For example, if the URL
is http://www.example.com/blog/apache/index.html, then the URI is /blog/apache/
index.html.
• $_SERVER['HTTP_USER_AGENT']: The client’s user agent, which typically offers information
about both the operating system and browser.
information regarding the server and client configuration and the current request environment.
Although the value and number of variables found in $_SERVER varies by server, you can typically
expect to find those defined in the CGI 1.1 specification (available at the National Center for
Supercomputing Applications, at http://hoohoo.ncsa.uiuc.edu/cgi/env.html). You’ll likely
find all of these variables to be quite useful in your applications, some of which include:
• $_SERVER['HTTP_REFERER']: The URL of the page that referred the user to the current
location.
• $_SERVER['REMOTE_ADDR']: The client’s IP address.
• $_SERVER['REQUEST_URI']: The path component of the URL. For example, if the URL
is http://www.example.com/blog/apache/index.html, then the URI is /blog/apache/
index.html.
• $_SERVER['HTTP_USER_AGENT']: The client’s user agent, which typically offers information
about both the operating system and browser.
$_GET
The $_GET superglobal contains information pertinent to any parameters passed using the GET
method. If the URL http://www.example.com/index.html?cat=apache&id=157 was requested,
you could access the following variables by using the $_GET superglobal:
$_GET['cat'] = "apache"
$_GET['id'] = "157"
The $_GET superglobal, by default, is the only way that you can access variables passed via
the GET method. You cannot reference GET variables like this: $cat, $id. See Chapter 21 for an
explanation of why this is the recommended means for accessing GET information.
method. If the URL http://www.example.com/index.html?cat=apache&id=157 was requested,
you could access the following variables by using the $_GET superglobal:
$_GET['cat'] = "apache"
$_GET['id'] = "157"
The $_GET superglobal, by default, is the only way that you can access variables passed via
the GET method. You cannot reference GET variables like this: $cat, $id. See Chapter 21 for an
explanation of why this is the recommended means for accessing GET information.
$_POST
The $_POST superglobal contains information pertinent to any parameters passed using the
POST method. Consider the following form, used to solicit subscriber information:
<form action="subscribe.php" method="post">
<p>
Email address:<br />
<input type="text" name="email" size="20" maxlength="50" value="" />
</p>
<p>
Password:<br />
<input type="password" name="pswd" size="20" maxlength="15" value="" />
</p>
<p>
<input type="submit" name="subscribe" value="subscribe!" />
</p>
</form>
The following POST variables will be made available via the target subscribe.php script:
$_POST['email'] = "jason@example.com";
$_POST['pswd'] = "rainyday";
$_POST['subscribe'] = "subscribe!";
Like $_GET, the $_POST superglobal is by default the only way to access POST variables.
You cannot reference POST variables like this: $email, $pswd, $subscribe.
POST method. Consider the following form, used to solicit subscriber information:
<form action="subscribe.php" method="post">
<p>
Email address:<br />
<input type="text" name="email" size="20" maxlength="50" value="" />
</p>
<p>
Password:<br />
<input type="password" name="pswd" size="20" maxlength="15" value="" />
</p>
<p>
<input type="submit" name="subscribe" value="subscribe!" />
</p>
</form>
The following POST variables will be made available via the target subscribe.php script:
$_POST['email'] = "jason@example.com";
$_POST['pswd'] = "rainyday";
$_POST['subscribe'] = "subscribe!";
Like $_GET, the $_POST superglobal is by default the only way to access POST variables.
You cannot reference POST variables like this: $email, $pswd, $subscribe.
$_COOKIE
The $_COOKIE superglobal stores information passed into the script through HTTP cookies.
Such cookies are typically set by a previously executed PHP script through the PHP function
setcookie(). For example, suppose that you use setcookie() to store a cookie named example.com
with the value ab2213. You could later retrieve that value by calling $_COOKIE["example.com"].
Such cookies are typically set by a previously executed PHP script through the PHP function
setcookie(). For example, suppose that you use setcookie() to store a cookie named example.com
with the value ab2213. You could later retrieve that value by calling $_COOKIE["example.com"].
$_FILES
The $_FILES superglobal contains information regarding data uploaded to the server via the
POST method. This superglobal is a tad different from the others in that it is a two-dimensional
array containing five elements. The first subscript refers to the name of the form’s file-upload
form element; the second is one of five predefined subscripts that describe a particular
attribute of the uploaded file:
• $_FILES['upload-name']['name']: The name of the file as uploaded from the client to
the server.
• $_FILES['upload-name']['type']: The MIME type of the uploaded file. Whether this
variable is assigned depends on the browser capabilities.
• $_FILES['upload-name']['size']: The byte size of the uploaded file.
• $_FILES['upload-name']['tmp_name']: Once uploaded, the file will be assigned a temporary
name before it is moved to its final location.
• $_FILES['upload-name']['error']: An upload status code. Despite the name, this variable
will be populated even in the case of success. There are five possible values:
• UPLOAD_ERR_OK: The file was successfully uploaded.
• UPLOAD_ERR_INI_SIZE: The file size exceeds the maximum size imposed by the
upload_max_filesize directive.
• UPLOAD_ERR_FORM_SIZE: The file size exceeds the maximum size imposed by an optional
MAX_FILE_SIZE hidden form-field parameter.
• UPLOAD_ERR_PARTIAL: The file was only partially uploaded.
• UPLOAD_ERR_NO_FILE: A file was not specified in the upload form prompt.
POST method. This superglobal is a tad different from the others in that it is a two-dimensional
array containing five elements. The first subscript refers to the name of the form’s file-upload
form element; the second is one of five predefined subscripts that describe a particular
attribute of the uploaded file:
• $_FILES['upload-name']['name']: The name of the file as uploaded from the client to
the server.
• $_FILES['upload-name']['type']: The MIME type of the uploaded file. Whether this
variable is assigned depends on the browser capabilities.
• $_FILES['upload-name']['size']: The byte size of the uploaded file.
• $_FILES['upload-name']['tmp_name']: Once uploaded, the file will be assigned a temporary
name before it is moved to its final location.
• $_FILES['upload-name']['error']: An upload status code. Despite the name, this variable
will be populated even in the case of success. There are five possible values:
• UPLOAD_ERR_OK: The file was successfully uploaded.
• UPLOAD_ERR_INI_SIZE: The file size exceeds the maximum size imposed by the
upload_max_filesize directive.
• UPLOAD_ERR_FORM_SIZE: The file size exceeds the maximum size imposed by an optional
MAX_FILE_SIZE hidden form-field parameter.
• UPLOAD_ERR_PARTIAL: The file was only partially uploaded.
• UPLOAD_ERR_NO_FILE: A file was not specified in the upload form prompt.
$_ENV
The $_ENV superglobal offers information regarding the PHP parser’s underlying server environment.
Some of the variables found in this array include:
• $_ENV['HOSTNAME']: The server host name
• $_ENV['SHELL']: The system shell
Some of the variables found in this array include:
• $_ENV['HOSTNAME']: The server host name
• $_ENV['SHELL']: The system shell
$_REQUEST
The $_REQUEST superglobal is a catch-all of sorts, recording variables passed to a script via any
input method, specifically GET, POST, and Cookie. The order of these variables doesn’t depend
on the order in which they appear in the sending script, but rather depends on the order specified
by the variables_order configuration directive. Although it may be tempting, do not use
this superglobal to handle variables, because it is insecure. See Chapter 21 for an explanation.
input method, specifically GET, POST, and Cookie. The order of these variables doesn’t depend
on the order in which they appear in the sending script, but rather depends on the order specified
by the variables_order configuration directive. Although it may be tempting, do not use
this superglobal to handle variables, because it is insecure. See Chapter 21 for an explanation.
$_SESSION
The $_SESSION superglobal contains information regarding all session variables. Registering
session information allows you the convenience of referring to it throughout your entire Web
site, without the hassle of explicitly passing the data via GET or POST. Chapter 18 is devoted to
PHP’s formidable session-handling feature.
session information allows you the convenience of referring to it throughout your entire Web
site, without the hassle of explicitly passing the data via GET or POST. Chapter 18 is devoted to
PHP’s formidable session-handling feature.
$GLOBALS
The $GLOBALS superglobal array can be thought of as the superglobal superset, and contains a
comprehensive listing of all variables found in the global scope. You can view a dump of all
variables found in $GLOBALS by executing the following:
print '<pre>';
print_r($GLOBALS);
PRINT '</pre>';
comprehensive listing of all variables found in the global scope. You can view a dump of all
variables found in $GLOBALS by executing the following:
print '<pre>';
print_r($GLOBALS);
PRINT '</pre>';
No comments:
Post a Comment