PHP Superglobals

PHP is a popular programming language that is widely used for web development.

One of the key features of PHP is its use of superglobals, which are built-in variables that are always available in all scopes.

We will explore what PHP superglobals are, how to use them, and some examples of their applications.

What are PHP Superglobals?

PHP superglobals are a set of predefined variables that can be accessed from anywhere in a PHP script, regardless of the scope. These variables are automatically created by PHP and are always available for use.

They are called superglobals because they are global variables that can be accessed from any function, class, or file without having to be passed as a parameter or defined in global scope.

The most commonly used PHP superglobals are:

• $_GET
• $_POST
• $_REQUEST
• $_SESSION
• $_COOKIE
• $_SERVER
• $_ENV

To access the value of a superglobal, you simply need to reference it by its name, preceded by a dollar sign (e.g. $GLOBALS, $_GET, $_POST…).

The $_GET Superglobal

The $_GET superglobal is used to retrieve data that is sent to the server via the HTTP GET method. This method is typically used when data needs to be passed to the server as part of the URL, such as when a user clicks on a link or submits a form with the method attribute set to GET.

When data is sent using the GET method, it is appended to the end of the URL as query strings.

For example, a link to a page with the URL example.com/page.php?name=John&age=25 is sending the values John for the name variable and “25” for the age variable using the GET method.

To access the value of a variable sent using the GET method, you can use the $_GET superglobal.

For example:

$name = $_GET['name'];

It’s important to note that the values of $_GET variables are visible in the URL and can be easily modified by the user. Therefore, it’s generally not recommended to use the GET method for sensitive information or data that should not be exposed in the URL.

Additionally, $_GET should never be used for form submissions that cause changes to the server or database as it can be easily tampered with.

The $_POST Superglobal

The $_POST superglobal is used to retrieve data that is sent to the server via the HTTP POST method. This method is typically used when data needs to be passed to the server as part of a form submission, such as when a user fills out and submits a form.

When data is sent using the POST method, it is sent as part of the request body and is not visible in the URL.

For example, consider a form with two fields: name and email. When the user submits the form, the data is sent to a PHP script that can access the values of these fields using the $_POST superglobal.

<form action="submit.php" method="post">
  <label for="name">Name:</label>
  <input type="text" name="name" id="name">
  <br>
  <label for="email">Email:</label>
  <input type="email" name="email" id="email">
  <br><br>
  <input type="submit" value="Submit">
</form>

// In submit.php
$name = $_POST['name'];
$email = $_POST['email'];

It’s important to note that the values of $_POST variables are not visible in the URL and are more secure than using the GET method.

It is generally recommended to use the POST method when sending sensitive information or data that should not be exposed in the URL.

It’s crucial to validate and sanitize all user input to avoid security vulnerabilities.

The $_REQUEST Superglobal

The $_REQUEST superglobal is used to retrieve data that is sent to the server via both the GET and POST methods. This means that it can be used to access data sent through forms, query strings, and other HTTP requests.

The $_REQUEST superglobal is an array that contains the contents of the $_GET, $_POST, and $_COOKIE superglobals. For example, if you have a variable name that is sent through a form using the POST method and through a query string using the GET method, you can access its value using the $_REQUEST superglobal.

$name = $_REQUEST['name'];

It’s important to note that the $_REQUEST superglobal can be less secure than using the $_GET or $_POST superglobals separately, as it can access data from any method and any variable, including cookies.

This means that it can be used to access sensitive information or data that should not be exposed. Additionally, it can make the code harder to read, and it can lead to confusion and bugs in your code.

It is generally recommended to use $_GET, $_POST and $_COOKIE superglobals separately instead of $_REQUEST superglobal for better readability, security and performance. Also, always validate and sanitize the user input to avoid security vulnerabilities.

The $_SESSION Superglobal

PHP sessions allow you to store data on the server for a particular user.

This data can be accessed across multiple pages and is available only for the duration of the user’s session.

To work with sessions in PHP, you can use the $_SESSION superglobal.

// Starting a session
session_start();

// Setting a session variable
$_SESSION['name'] = 'John Doe';

// Accessing a session variable
echo $_SESSION['name']; // Output: John

The $_SERVER Superglobal

The $_SERVER superglobal contains information about the server and the environment in which the script is running.

This information can be useful for debugging and creating dynamic content.

For example, to get the current script’s file name, you can use the $_SERVER[‘PHP_SELF’] variable:

echo $_SERVER['PHP_SELF'];

To get the client’s IP address, you can use the $_SERVER[‘REMOTE_ADDR’] variable:

echo $_SERVER['REMOTE_ADDR'];

The $_ENV Superglobal

The $_ENV superglobal allows you to access environment variables set on the server.

These variables can be set by the server administrator or through the command line.

For example, to access the value of the ‘TEMP’ environment variable, you can use the $_ENV[‘TEMP’] variable:

echo $_ENV['TEMP'];

The $_COOKIE Superglobal

The $_COOKIE superglobal is used to retrieve data that is stored on the client’s browser as cookies.

A cookie is a small piece of data that is stored on the client’s computer by the web server, and can later be retrieved by the server.

Cookies can be used to store information such as user preferences, login information, and shopping cart contents.

Cookies are set on the client’s browser using the setcookie() function in PHP.

For example, to set a cookie with the name username and the value John Doe, you would use the following code:

setcookie('username', 'John Doe');

To retrieve the value of a cookie, you can use the $_COOKIE superglobal.

For example:

$username = $_COOKIE['username'];

It’s important to note that cookies are stored on the client’s browser and can be easily modified by the user. Therefore, it’s generally not recommended to use cookies for sensitive information or data that should not be exposed.

Additionally, cookies can be disabled on the client’s browser, so it’s important to have a fallback mechanism in place if the cookies are not available.

Cookies can also have an expiration time set, so that they are automatically deleted from the client’s browser after a certain period. You can set the expiration time when you set the cookie, for example:

setcookie("username", "John Doe", time()+3600);

The above code will set the expiration time of the cookie to 1 hour from the time it is set.

Related Posts:

• PHP Form Handling
• PHP Form Validation
• PHP Variables
• HTML Forms
• Java Variables
• PHP Syntax
• Understanding “Unsafe Value Used in a Resource URL Context”
• JavaScript Output