Home > Backend Development > PHP Tutorial > How to use superglobal variables in PHP

How to use superglobal variables in PHP

PHPz
Release: 2023-05-20 19:02:02
Original
1267 people have browsed it

Super global variables in PHP refer to variables that can be accessed in the global scope. Each super global variable is an associative array, which contains many predefined variables in PHP, such as $_GET, $_POST, $_COOKIE and so on. These superglobal variables are very important in web development because they provide an important way to obtain information from user requests, such as obtaining form data, obtaining URL parameters, etc.

This article will introduce in detail the commonly used superglobal variables in PHP, including their functions, how to use them, and how to avoid security issues.

1. $_GET

$_GET is an associative array that contains all parameters passed through the URL. For example, if the requested URL is http://example.com/index.php?name=John&age=25, then the $_GET array will contain the following elements:

array(
    'name' => 'John',
    'age' => '25'
);
Copy after login

We can access it in the following ways These values:

echo $_GET['name']; // 输出 'John'
echo $_GET['age']; // 输出 '25'
Copy after login

2. $_POST

$_POST is also an associative array that contains all form data submitted through the POST method. We can use it to get the data from the form, as shown below:

<form action="process.php" method="post">
    <input type="text" name="name" />
    <input type="submit" value="Submit">
</form>
Copy after login

When submitting the form, we can use the $_POST super global variable to get the submitted data:

echo $_POST['name'];
Copy after login

3. $_COOKIE

$_COOKIE is an associative array that contains all cookies sent in the current request. In most cases, we can use the $_COOKIE variable to read previously set cookies.

setcookie('name', 'John', time() + (86400 * 30), '/');
Copy after login

This will set a cookie in the user's browser named "name" with a value of "John" and will expire after 30 days. We can use the following code to read the value of Cookie:

echo $_COOKIE['name'];
Copy after login

4. $_SESSION

$_SESSION is an associative array that contains all variables stored during the user session. When a user visits your website, $_SESSION is the only thing that distinguishes one user from another.

To store data in Session, you can use the following code:

session_start();
$_SESSION['name'] = 'John';
Copy after login

In this way, we can maintain the state of a certain value throughout the session:

session_start();
echo $_SESSION['name']; // 输出 'John'
Copy after login

5. $_SERVER

$_SERVER is an array containing server and client related information when the current script is running. By using $_SERVER, we can know some information requested by the client, for example:

  • Remote access user's IP address: $_SERVER['REMOTE_ADDR']
  • User agent: $ _SERVER['HTTP_USER_AGENT']
  • The file path of the current script: $_SERVER['SCRIPT_FILENAME']
  • The current request method (GET/POST): $_SERVER['REQUEST_METHOD']
  • The root directory where the current script is located: $_SERVER['DOCUMENT_ROOT']

This information is very useful for developers.

6. $_FILES

$_FILES is an array containing information about files in file upload. When uploading files, you can use $_FILES to operate the uploaded files.

You can use the following code to print out the value of $_FILES:

print_r($_FILES);
Copy after login

This will output an array containing file information, for example:

Array
(
    [file] => Array
        (
            [name] => file.txt
            [type] => text/plain
            [tmp_name] => /tmp/phpzAduR5
            [error] => 0
            [size] => 123
        )

)
Copy after login

7. Avoid security issues

Superglobal variables are enabled by default in PHP and developers can use them to easily obtain data in web requests. However, they are also a source of security vulnerabilities.

An attacker can use superglobal variables in web requests to inject malicious code or create vulnerabilities in web applications. Therefore, developers should take the following steps to protect their websites:

  1. Filter input data. You can use the filter_var() function in PHP or regular expressions to filter the input data and ensure that the user does not inject any malicious code.
  2. Validate input data. Developers should validate all input data to ensure it conforms to the expected format and length. For example, when processing email addresses, you can use the filter_var() function to ensure that the email address is in the correct format.
  3. Do not pass superglobal variables directly to SQL queries or commands. This is a good programming practice to avoid SQL injection and other security issues.
  4. Close error reporting. On production servers, PHP's error reporting capabilities should be turned off to prevent attackers from obtaining information about the application architecture and other sensitive information.

Summary

Using super global variables in PHP can easily obtain data in web requests. Developers should carefully understand these variables and use them in creating web applications. However, developers should also understand the security risks of superglobal variables and take the necessary steps to ensure application security.

The above is the detailed content of How to use superglobal variables in PHP. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template