Monday, March 29, 2021

PHP Superglobals Explained—With Cheatsheet

PHP Superglobals Explained—With Cheatsheet

In this post, I'll give you a cheatsheet quick reference to all the PHP superglobal variables available in PHP.

What Is a Superglobal Variable?

Let’s have a look at the definition of superglobal variables.

Superglobals are built-in variables that are always available in all scopes.

Whether you are a seasoned PHP developer or a novice in PHP development, you will have worked with these superglobal variables in one way or another. There are several predefined variables in PHP that are considered as superglobals, which means that you don’t need to use the global keyword to access them. The superglobal variables are available in all scopes of a script.

Let’s have a quick look at the superglobal variables in PHP:

  • $GLOBALS
  • $_SERVER
  • $_GET
  • $_POST
  • $_FILES
  • $_COOKIE
  • $_SESSION
  • $_REQUEST
  • $_ENV

The aim of this article is to go through all the superglobal variables in PHP and explain each one briefly.

PHP Superglobal Quick Reference

$GLOBALS

The $GLOBALS superglobal variable is used to access all the global variables in PHP. Basically, it’s an associative array which holds all variables that are defined in the global scope.

Let’s have a look at the following example to understand how it works.

Firstly, we’ve defined the $website_name variable in the global scope.

Now, when we try to access the $website_name variable in the displayWebsiteName function, it would try to find the $website_name variable in the local scope. And since haven’t defined it in the displayWebsiteName function, you would get the PHP notice complaining that you’re trying to access the undefined variable.

Next, when we try to access it with the $GLOBALS superglobal, it works since the $GLOBALS variable holds references to all global variables.

$_SERVER

The $_SERVER superglobal variable holds the web server and execution environment information. Specifically, it’s initialized by a web server with HTTP headers, paths and script locations.

Let’s have a look at the output of the print_r($_SERVER) command.

Mostly, this contains the server specific information like server name, server port, script name, document root and so on. Apart from that, it may also contain information about the client environment like user agent, remote IP address, cookies and more.

The important thing is that there’s no guarantee that every web server would initialize all this information. Also, if you’re running a script from the command line, none of the SERVER_* variables are initialized, as they are server-specific.

$_GET

When a user submits a form with the GET method, the form data which is sent to a server is available in the $_GET variable. The $_GET superglobal variable contains an array of variables that are passed to the script via query string. Basically, anything which is passed as a part of the URL query string would be available in the $_GET superglobal variable.

Let’s have a look at the following snippet.

In the above example, when a user submits the search form, the value of the keyword field would be sent to a server via a query string.

On the server side, you can access it like this:

It’s important that you must sanitize a user input before it’s processed or displayed back to the browser, and that’s why we’ve used the filter_var function to sanitize the value of the $_GET[‘keyword’] variable.

$_POST

Where the $_GET superglobal variable is used to collect the form data which is submitted with the GET method, the $_POST superglobal variable is used to get the form data for the POST method. The POST form data won’t be displayed in the URL, instead it’s available as a part of the request body.

Let’s have a look at the following snippet.

In the above example, when a user submits the search form, you can access the field values like this on the server side.

When you work with the $_POST data, you must ensure that you’re taking enough measures to sanitize the incoming data, otherwise it could lead to potential attacks on your site.

$_FILES

When a user submits a form which supports file uploads, it is the $_FILES superglobal variable which will be populated with the information of files that are uploaded. It’s a two dimensional array which holds the following attributes of uploaded files.

  • name: name of the file
  • type: type of the file
  • size: size of the file
  • tmp_name: server path of the uploaded file
  • error: error in case file upload is failed

Let’s have a look at the following example to see how file uploads work in PHP.

In the above example, we’ve set the enctype attribute to multipart/form-data, and thus it enables file uploads. When a user submits it, you can use the $_FILES superglobal variable to access the uploaded file information as shown in the following snippet.

The important thing is that the $_FILES["document"]["tmp_name"] variable contains the path of the uploaded file which you could use to move the uploaded file to the desired location. If there’s any error, the $_FILES["document"]["error"] variable will be populated with it.

$_COOKIE

As the name suggests, the $_COOKIE superglobal variable is used to read cookies that are available to the current script. Basically, it allows you to access cookies that are already set by the setcookie function in PHP. The $_COOKIE variable is an associate array which holds all cookie variables that are sent via HTTP cookies.

Let’s assume that you’ve already created the lastVisitedSection cookie with the following snippet.

Now, you can access the lastVisitedSection cookie as shown in the following snippet.

So that’s how you can access cookies in your script.

$_SESSION

If you’ve already worked with sessions in PHP, you'll be aware of the $_SESSION superglobal variable. A session variable allows you to share information across the different pages of a single site or app—thus it helps maintain state. The $_SESSION variable holds an associative array of session variables that are available to the current script.

Let’s have a look at the following example which demonstrates how to set and get a session variable.

The important thing is that the session_start function must be called at the beginning of the script to start a session and initialize the $_SESSION variable.

$_REQUEST

The $_REQUEST superglobal variable is an associative array which holds HTTP request variables. Basically, it’s a combination of the$_GET, $_POST and $_COOKIE superglobal variables. And thus, it’s convenient to use the $_REQUEST variable, specifically if you don’t want to use the aforementioned superglobal variables.

The presence and order of variables in this array depends on the values of request_order and variables_order configuration directives in the php.ini file. You should be always careful when you use the $_REQUEST variable, and in fact, it’s recommended that you should go with $_GET, $_POST and $_COOKIE instead of using this superglobal variable.

$_ENV

The $_ENV superglobal variable is an associative array of variables that are passed to the script by the environment method. It’s useful when you want to set different values for different environments like local, staging and production. In your application, you would have database credentials and configuration variables that are different for each environment, and thus, you could use the $_ENV variable to access them in your script since they are initialized dynamically. There are different ways that you could use to set environment variables.

In PHP, you can use the putenv function to initialize it as shown in the following snippet.

On the other hand, if you want to set an environment variable in the Apache virtual host file use:

You should always prefer the getenv function to get the value of an environment variable.

The important thing is that you should always use the getenv function to retrieve the value of an environment variable, since the $_ENV variable might be empty if you haven’t enabled it via the variables_order configuration directive in the php.ini file. The variables_order configuration directive defines the order in which the EGPCS (Environment, Get, Post, Cookie, and Server) variables will be initialized.

Conclusion

In this article, we’ve gone through all the PHP superglobal variables available in PHP. For every variable, I provided a short but meaningful example which should help you to understand the purpose of it. And I hope you can use this article as a quick reference or a cheatsheet in your day-to-day PHP development.


No comments:

Post a Comment