How to use superglobal variables in PHP

Super global variables in PHP refer to variables that can be accessed in the global scope. Each super global variable is an associative array, which contains many predefined variables in PHP, such as $_GET, $_POST, $_COOKIE and so on. These superglobal variables are very important in web development because they provide an important way to obtain information from user requests, such as obtaining form data, obtaining URL parameters, etc.

This article will introduce in detail the commonly used superglobal variables in PHP, including their functions, how to use them, and how to avoid security issues.

1. $_GET

$_GET is an associative array that contains all parameters passed through the URL. For example, if the requested URL is http://example.com/index.php?name=John&age=25, then the $_GET array will contain the following elements:

array(
    'name' => 'John',
    'age' => '25'
);

We can access it in the following ways These values:

echo $_GET['name']; // 输出 'John'
echo $_GET['age']; // 输出 '25'

2. $_POST

$_POST is also an associative array that contains all form data submitted through the POST method. We can use it to get the data from the form, as shown below:

<form action="process.php" method="post">
    <input type="text" name="name" />
    <input type="submit" value="Submit">
</form>

When submitting the form, we can use the $_POST super global variable to get the submitted data:

echo $_POST['name'];

3. $_COOKIE

$_COOKIE is an associative array that contains all cookies sent in the current request. In most cases, we can use the $_COOKIE variable to read previously set cookies.

setcookie('name', 'John', time() + (86400 * 30), '/');

This will set a cookie in the user's browser named "name" with a value of "John" and will expire after 30 days. We can use the following code to read the value of Cookie:

echo $_COOKIE['name'];

4. $_SESSION

$_SESSION is an associative array that contains all variables stored during the user session. When a user visits your website, $_SESSION is the only thing that distinguishes one user from another.

To store data in Session, you can use the following code:

session_start();
$_SESSION['name'] = 'John';

In this way, we can maintain the state of a certain value throughout the session:

session_start();
echo $_SESSION['name']; // 输出 'John'

5. $_SERVER

$_SERVER is an array containing server and client related information when the current script is running. By using $_SERVER, we can know some information requested by the client, for example:

• Remote access user's IP address: $_SERVER['REMOTE_ADDR']
• User agent: $ _SERVER['HTTP_USER_AGENT']
• The file path of the current script: $_SERVER['SCRIPT_FILENAME']
• The current request method (GET/POST): $_SERVER['REQUEST_METHOD']
• The root directory where the current script is located: $_SERVER['DOCUMENT_ROOT']

This information is very useful for developers.

6. $_FILES

$_FILES is an array containing information about files in file upload. When uploading files, you can use $_FILES to operate the uploaded files.

You can use the following code to print out the value of $_FILES:

print_r($_FILES);

This will output an array containing file information, for example:

Array
(
    [file] => Array
        (
            [name] => file.txt
            [type] => text/plain
            [tmp_name] => /tmp/phpzAduR5
            [error] => 0
            [size] => 123
        )

)

7. Avoid security issues

Superglobal variables are enabled by default in PHP and developers can use them to easily obtain data in web requests. However, they are also a source of security vulnerabilities.

An attacker can use superglobal variables in web requests to inject malicious code or create vulnerabilities in web applications. Therefore, developers should take the following steps to protect their websites:

1. Filter input data. You can use the filter_var() function in PHP or regular expressions to filter the input data and ensure that the user does not inject any malicious code.
2. Validate input data. Developers should validate all input data to ensure it conforms to the expected format and length. For example, when processing email addresses, you can use the filter_var() function to ensure that the email address is in the correct format.
3. Do not pass superglobal variables directly to SQL queries or commands. This is a good programming practice to avoid SQL injection and other security issues.
4. Close error reporting. On production servers, PHP's error reporting capabilities should be turned off to prevent attackers from obtaining information about the application architecture and other sensitive information.

Summary

Using super global variables in PHP can easily obtain data in web requests. Developers should carefully understand these variables and use them in creating web applications. However, developers should also understand the security risks of superglobal variables and take the necessary steps to ensure application security.

The above is the detailed content of How to use superglobal variables in PHP. For more information, please follow other related articles on the PHP Chinese website!