Section 5.10. Superglobals


5.10. Superglobals

Variables that come into PHP arrive inside one of several special arrays known collectively as the superglobals , so named because they are available throughout your script, even inside objects and other arrays. Superglobals include form data sent from your visitor, cookie data, session information, local server information, and more, making them good to keep around. Superglobals were not available in PHP prior to v4.1, but there were older alternatives that provided much of the functionality. Superglobals are superior, though, so it is recommended that all new scripts use them.

There are nine superglobal arrays available for use, categorized by type of variable. These are shown in Table 5-2.

Table 5-2. The superglobal arrays

Name

Functionality

$_GET

Contains all variables sent via a HTTP GET request. For example, a URL of myfile.php?name=Paul would load myfile.php and give you $_GET["name"] with the value "Paul". Users of older PHP versions will have used $HTTP_GET_VARS array, which, although deprecated, is still available for use.

$_POST

Contains all variables sent via a HTTP POST request. This is similar to the old $HTTP_POST_VARS array, which, although deprecated, is still available for use.

$_FILES

Contains all variables sent via a HTTP POST file upload. This is similar to the old $HTTP_POST_FILES array, which is also deprecated.

$_COOKIE

Contains all variables sent via HTTP cookies. This is similar to the old $HTTP_COOKIE_VARS array, which is deprecated like the rest. See Chapter 10 for more information on cookies.

$_REQUEST

Contains all variables sent via HTTP GET, HTTP POST, and HTTP cookies. This is basically the equivalent of combining $_GET, $_POST, and $_COOKIE, and is less dangerous than using $GLOBALS. However, as it does contain all variables from untrusted sources (that is, your visitors), it is best avoided. There's no equivalent to $_REQUEST in versions of PHP before v4.1.

$_SESSION

Contains all variables stored in a user's session (server-side data store). This is similar to the old $HTTP_SESSION_VARS array, which is deprecated. See Chapter 10 for more information on sessions.

$_SERVER

Contains all variables set by the web server you are using, or other sources that directly relate to the execution of your script (see examples in the next section). This is similar to the old $HTTP_SERVER_VARS array, which is deprecated.

$_ENV

Contains all environment variables set by your system or shell for the script (see examples in the next section). This is similar to the old $HTTP_ENV_VARS array, which is deprecated.

$GLOBALS

An array containing all global variables in your script, including other superglobals. $GLOBALS has been available since PHP 3, and its operation has not changed.


Many programmers still use the old syntax for these variables ($HTTP_SERVER_VARS, etc.), so you may wonder why they are deprecated. There are two differences between the old versions and the new versions:

  1. The new versions are much shorter to type. Most people would rather type $_GET than $HTTP_GET_VARS each time they want to access a variable.

  2. The new versions are automatically global everywhere in your script, even inside functions. The older variables were not available inside functions unless you specifically requested for them to be available.

There are two superglobal arrays that you should avoid unless you particularly need them, namely, $GLOBALS and $_REQUEST. Both of these arrays are combinations of the other arrays and may include untrusted user data. When you use $_COOKIE['somevar'], you know that the value has come from a cookie on the user's machine, and not from someone editing your site's URL. When using $_REQUEST['somevar'], you no longer have that guarantee, and you are left wholly trusting the user. Of course, it is also possible that a user has edited the cookie on her machine, so place no more trust in $_COOKIE data than you have to.

Scripts written before superglobals were available need to be converted to use them. If you would rather not convert the scripteither because you need the backward compatibility with very old PHP versions, or you simply don't have the timethen you have two options:

  1. Enable register_globals in your php.ini file. This will revert PHP back to its insecure, pre-4.1 functionalitythe superglobals will still be there, but all input will be automatically converted into variables.

  2. Use the function import_request_variables( ) to extract a given superglobal's contents into normal variables.

One important thing to note is that $GLOBALS always contains itself too, which means that if you try to cycle through each variable in $GLOBALS in some older versions of PHP, you will enter into a recursive loop. Modern PHP releases detect array recursion and print the message "*RECURSION*" when $GLOBALS tries to print itself.



PHP in a Nutshell
Ubuntu Unleashed
ISBN: 596100671
EAN: 2147483647
Year: 2003
Pages: 249

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net