|
|
Predefined Variables
PHP provides a large number of predefined variables to all scripts. The
variables represent everything from
external variables to
built-in environment variables, last error messages to last retrieved
headers.
See also the FAQ titled
"How does register_globals affect me?"
Superglobals
Superglobals are built-in variables that are always available in all scopes
Description
Several predefined variables in PHP are "superglobals", which means they
are available in all scopes throughout a script. There is no need to do
global $variable; to access them within functions
or methods.
These superglobal variables are:
- $GLOBALS
- $_SERVER
- $_GET
- $_POST
- $_FILES
- $_COOKIE
- $_SESSION
- $_REQUEST
- $_ENV
Notes
Note:
Variable availability
By default, all of the superglobals are available but there are
directives that affect this availability. For further information, refer
to the documentation for
variables_order.
Note:
Dealing with register_globals
If the deprecated register_globals
directive is set to on then the variables within will
also be made available in the global scope of the script. For example,
$_POST['foo'] would also exist as $foo.
For related information, see the FAQ titled
"How does register_globals affect me?"
Note:
Variable variables
Superglobals cannot be used as
variable variables
inside functions or class methods.
$GLOBALS
References all variables available in global scope
Description
An associative array containing references to all variables which
are currently defined in the global scope of the script. The
variable names are the keys of the array.
Examples
Example #1 $GLOBALS example
<?php
function test() {
$foo = "local variable";
echo '$foo in global scope: ' . $GLOBALS["foo"] . "\n";
echo '$foo in current scope: ' . $foo . "\n";
}
$foo = "Example content";
test();
?>
The above example will output
something similar to:
$foo in global scope: Example content
$foo in current scope: local variable
Notes
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $variable; to access it within functions or methods.
Note:
Variable availability
Unlike all of the other superglobals,
$GLOBALS has essentially always been available in PHP.
$_SERVER
$HTTP_SERVER_VARS [removed]
Server and execution environment information
Description
$_SERVER is an array containing information
such as headers, paths, and script locations. The entries in this
array are created by the web server. There is no guarantee that
every web server will provide any of these; servers may omit some,
or provide others not listed here. That said, a large number of
these variables are accounted for in the » CGI/1.1 specification, so you should
be able to expect those.
Note:
Prior to PHP 5.4.0, $HTTP_SERVER_VARS contained the same initial
information, but was not a superglobal.
(Note that $HTTP_SERVER_VARS and $_SERVER
were different variables and that PHP handled them as such.)
Indices
You may or may not find any of the following elements in
$_SERVER. Note that few, if any, of these will be
available (or indeed have any meaning) if running PHP on the
command line.
-
'PHP_SELF'
-
The filename of the currently executing script, relative to
the document root. For instance,
$_SERVER['PHP_SELF'] in a script at the
address http://example.com/foo/bar.php
would be /foo/bar.php.
The __FILE__
constant contains the full path and filename of the current (i.e.
included) file.
If PHP is running as a command-line processor this variable contains
the script name since PHP 4.3.0. Previously it was not available.
-
'argv'
-
Array of arguments passed to the script. When the script is
run on the command line, this gives C-style access to the
command line parameters. When called via the GET method, this
will contain the query string.
-
'argc'
-
Contains the number of command line parameters passed to the
script (if run on the command line).
-
'GATEWAY_INTERFACE'
-
What revision of the CGI specification the server is using;
i.e. 'CGI/1.1'.
-
'SERVER_ADDR'
-
The IP address of the server under which the current script is
executing.
-
'SERVER_NAME'
-
The name of the server host under which the current script is
executing. If the script is running on a virtual host, this
will be the value defined for that virtual host.
Note:
Under Apache 2, you must set UseCanonicalName = On
and ServerName. Otherwise, this value reflects the
hostname supplied by the client, which can be spoofed.
It is not safe to rely on this value in security-dependent contexts.
-
'SERVER_SOFTWARE'
-
Server identification string, given in the headers when
responding to requests.
-
'SERVER_PROTOCOL'
-
Name and revision of the information protocol via which the
page was requested; i.e. 'HTTP/1.0';
-
'REQUEST_METHOD'
-
Which request method was used to access the page; i.e. 'GET',
'HEAD', 'POST', 'PUT'.
Note:
PHP script is terminated after sending headers (it means after
producing any output without output buffering) if the request method
was HEAD.
-
'REQUEST_TIME'
-
The timestamp of the start of the request. Available since PHP 5.1.0.
-
'REQUEST_TIME_FLOAT'
-
The timestamp of the start of the request, with microsecond precision.
Available since PHP 5.4.0.
-
'QUERY_STRING'
-
The query string, if any, via which the page was accessed.
-
'DOCUMENT_ROOT'
-
The document root directory under which the current script is
executing, as defined in the server's configuration file.
-
'HTTP_ACCEPT'
-
Contents of the Accept: header from the
current request, if there is one.
-
'HTTP_ACCEPT_CHARSET'
-
Contents of the Accept-Charset: header
from the current request, if there is one. Example:
'iso-8859-1,*,utf-8'.
-
'HTTP_ACCEPT_ENCODING'
-
Contents of the Accept-Encoding: header
from the current request, if there is one. Example: 'gzip'.
-
'HTTP_ACCEPT_LANGUAGE'
-
Contents of the Accept-Language: header
from the current request, if there is one. Example: 'en'.
-
'HTTP_CONNECTION'
-
Contents of the Connection: header from
the current request, if there is one. Example: 'Keep-Alive'.
-
'HTTP_HOST'
-
Contents of the Host: header from the
current request, if there is one.
-
'HTTP_REFERER'
-
The address of the page (if any) which referred the user
agent to the current page. This is set by the user agent. Not
all user agents will set this, and some provide the ability
to modify HTTP_REFERER as a feature. In
short, it cannot really be trusted.
-
'HTTP_USER_AGENT'
-
Contents of the User-Agent: header from
the current request, if there is one. This is a string
denoting the user agent being which is accessing the page. A
typical example is: Mozilla/4.5 [en] (X11; U;
Linux 2.2.9 i586). Among other things, you
can use this value with get_browser to
tailor your page's output to the capabilities of the user
agent.
-
'HTTPS'
-
Set to a non-empty value if the script was queried through the HTTPS
protocol.
Note:
Note that when using ISAPI with IIS, the value will be
off if the request was not made through the HTTPS
protocol.
-
'REMOTE_ADDR'
-
The IP address from which the user is viewing the current
page.
-
'REMOTE_HOST'
-
The Host name from which the user is viewing the current
page. The reverse dns lookup is based off the
REMOTE_ADDR of the user.
Note:
Your web server must be configured to create this variable. For
example in Apache you'll need HostnameLookups On
inside httpd.conf for it to exist. See also
gethostbyaddr.
-
'REMOTE_PORT'
-
The port being used on the user's machine to communicate with
the web server.
-
'REMOTE_USER'
-
The authenticated user.
-
'REDIRECT_REMOTE_USER'
-
The authenticated user if the request is internally redirected.
-
'SCRIPT_FILENAME'
-
The absolute pathname of the currently executing script.
Note:
If a script is executed with the CLI, as a relative path,
such as file.php or
../file.php,
$_SERVER['SCRIPT_FILENAME'] will
contain the relative path specified by the user.
-
'SERVER_ADMIN'
-
The value given to the SERVER_ADMIN (for Apache) directive in
the web server configuration file. If the script is running
on a virtual host, this will be the value defined for that
virtual host.
-
'SERVER_PORT'
-
The port on the server machine being used by the web server
for communication. For default setups, this will be '80';
using SSL, for instance, will change this to whatever your
defined secure HTTP port is.
Note:
Under the Apache 2, you must set UseCanonicalName = On,
as well as UseCanonicalPhysicalPort = On in order to
get the physical (real) port, otherwise, this value can be spoofed and it
may or may not return the physical port value.
It is not safe to rely on this value in security-dependent contexts.
-
'SERVER_SIGNATURE'
-
String containing the server version and virtual host name
which are added to server-generated pages, if enabled.
-
'PATH_TRANSLATED'
-
Filesystem- (not document root-) based path to the current
script, after the server has done any virtual-to-real
mapping.
Note:
As of PHP 4.3.2, PATH_TRANSLATED is no longer set
implicitly under the Apache 2 SAPI in contrast
to the situation in Apache 1, where it's set to the same value as
the SCRIPT_FILENAME server variable when it's not
populated by Apache. This change was made to comply with the
CGI specification that
PATH_TRANSLATED should only exist if
PATH_INFO is defined.
Apache 2 users may use AcceptPathInfo = On inside
httpd.conf to define PATH_INFO.
-
'SCRIPT_NAME'
-
Contains the current script's path. This is useful for pages
which need to point to themselves.
The __FILE__
constant contains the full path and filename of the current (i.e.
included) file.
-
'REQUEST_URI'
-
The URI which was given in order to access this page; for
instance, '/index.html'.
-
'PHP_AUTH_DIGEST'
-
When doing Digest HTTP authentication this variable is set
to the 'Authorization' header sent by the client (which you
should then use to make the appropriate validation).
-
'PHP_AUTH_USER'
-
When doing HTTP authentication this variable is set to the
username provided by the user.
-
'PHP_AUTH_PW'
-
When doing HTTP authentication this variable is set to the
password provided by the user.
-
'AUTH_TYPE'
-
When doing HTTP authentication this variable is set to the
authentication type.
-
'PATH_INFO'
-
Contains any client-provided pathname information trailing the
actual script filename but preceding the query string, if
available. For instance, if the current script was accessed via
the
URL http://www.example.com/php/path_info.php/some/stuff?foo=bar,
then $_SERVER['PATH_INFO'] would
contain /some/stuff.
-
'ORIG_PATH_INFO'
-
Original version of 'PATH_INFO' before processed by
PHP.
Examples
Example #2 $_SERVER example
<?php
echo $_SERVER['SERVER_NAME'];
?>
The above example will output
something similar to:
Notes
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $variable; to access it within functions or methods.
$_GET
$HTTP_GET_VARS [deprecated]
HTTP GET variables
Description
An associative array of variables passed to the current script
via the URL parameters.
$HTTP_GET_VARS contains the same initial
information, but is not a superglobal.
(Note that $HTTP_GET_VARS and $_GET
are different variables and that PHP handles them as such)
Examples
Example #3 $_GET example
<?php
echo 'Hello ' . htmlspecialchars($_GET["name"]) . '!';
?>
Assuming the user entered http://example.com/?name=Hannes
The above example will output
something similar to:
Notes
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $variable; to access it within functions or methods.
Note:
The GET variables are passed through urldecode.
$_POST
$HTTP_POST_VARS [deprecated]
HTTP POST variables
Description
An associative array of variables passed to the current script
via the HTTP POST method when using application/x-www-form-urlencoded
or multipart/form-data as the HTTP Content-Type in the request.
$HTTP_POST_VARS contains the same initial
information, but is not a superglobal.
(Note that $HTTP_POST_VARS and $_POST
are different variables and that PHP handles them as such)
Examples
Example #4 $_POST example
<?php
echo 'Hello ' . htmlspecialchars($_POST["name"]) . '!';
?>
Assuming the user POSTed name=Hannes
The above example will output
something similar to:
Notes
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $variable; to access it within functions or methods.
$_FILES
$HTTP_POST_FILES [deprecated]
HTTP File Upload variables
Description
An associative array of items uploaded to the current script
via the HTTP POST method. The structure of this array is outlined in the
POST method uploads
section.
$HTTP_POST_FILES contains the same initial
information, but is not a superglobal.
(Note that $HTTP_POST_FILES and $_FILES
are different variables and that PHP handles them as such)
Notes
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $variable; to access it within functions or methods.
$_REQUEST
HTTP Request variables
Description
An associative array that by default contains the contents of
$_GET,
$_POST and
$_COOKIE.
Notes
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $variable; to access it within functions or methods.
Note:
When running on the command line
, this will not include the
argv and
argc entries; these are
present in the $_SERVER
array.
Note:
The variables in $_REQUEST are provided to the
script via the GET, POST, and COOKIE input mechanisms and
therefore could be modified by the remote user and cannot be
trusted. The presence and order of variables listed in this array
is defined according to the
PHP variables_order
configuration directive.
$_SESSION
$HTTP_SESSION_VARS [deprecated]
Session variables
Description
An associative array containing session variables available to
the current script. See the Session
functions documentation for more information on how this
is used.
$HTTP_SESSION_VARS contains the same initial
information, but is not a superglobal.
(Note that $HTTP_SESSION_VARS and $_SESSION
are different variables and that PHP handles them as such)
Notes
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $variable; to access it within functions or methods.
$_ENV
$HTTP_ENV_VARS [deprecated]
Environment variables
Description
An associative array of variables passed to the current script
via the environment method.
These variables are imported into PHP's global namespace from the
environment under which the PHP parser is running. Many are
provided by the shell under which PHP is running and different
systems are likely running different kinds of shells, a
definitive list is impossible. Please see your shell's
documentation for a list of defined environment variables.
Other environment variables include the CGI variables, placed
there regardless of whether PHP is running as a server module or
CGI processor.
$HTTP_ENV_VARS contains the same initial
information, but is not a superglobal.
(Note that $HTTP_ENV_VARS and $_ENV
are different variables and that PHP handles them as such)
Examples
Example #5 $_ENV example
<?php
echo 'My username is ' .$_ENV["USER"] . '!';
?>
Assuming "bjori" executes this script
The above example will output
something similar to:
Notes
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $variable; to access it within functions or methods.
$_COOKIE
$HTTP_COOKIE_VARS [deprecated]
HTTP Cookies
Description
An associative array of variables passed to the current script
via HTTP Cookies.
$HTTP_COOKIE_VARS contains the same initial
information, but is not a superglobal.
(Note that $HTTP_COOKIE_VARS and $_COOKIE
are different variables and that PHP handles them as such)
Examples
Example #6 $_COOKIE example
<?php
echo 'Hello ' . htmlspecialchars($_COOKIE["name"]) . '!';
?>
Assuming the "name" cookie has been set earlier
The above example will output
something similar to:
Notes
Note: This is a 'superglobal', or
automatic global, variable. This simply means that it is available in
all scopes throughout a script. There is no need to do
global $variable; to access it within functions or methods.
$php_errormsg
The previous error message
WarningThis feature has been
DEPRECATED as of PHP 7.2.0. Relying on this feature
is highly discouraged.
Description
$php_errormsg is a variable containing the
text of the last error message generated by PHP. This variable
will only be available within the scope in which the error
occurred, and only if the track_errors configuration
option is turned on (it defaults to off).
Warning
If a user defined error handler (set_error_handler)
is set $php_errormsg is only set if the error handler
returns FALSE.
Examples
Example #7 $php_errormsg example
<?php
@strpos();
echo $php_errormsg;
?>
The above example will output
something similar to:
Wrong parameter count for strpos()
$HTTP_RAW_POST_DATA
Raw POST data
Description
WarningThis feature was
DEPRECATED in PHP 5.6.0, and
REMOVED as of PHP 7.0.0.
$HTTP_RAW_POST_DATA contains the raw POST data.
See always_populate_raw_post_data.
In general,
php://input
should be used instead of $HTTP_RAW_POST_DATA.
$http_response_header
HTTP response headers
Description
The $http_response_header array is similar to the
get_headers function. When using the
HTTP wrapper,
$http_response_header will be populated with the HTTP
response headers. $http_response_header will be created
in the local scope.
Examples
Example #8 $http_response_header example
<?php
function get_contents() {
file_get_contents("http://example.com");
var_dump($http_response_header);
}
get_contents();
var_dump($http_response_header);
?>
The above example will output
something similar to:
array(9) {
[0]=>
string(15) "HTTP/1.1 200 OK"
[1]=>
string(35) "Date: Sat, 12 Apr 2008 17:30:38 GMT"
[2]=>
string(29) "Server: Apache/2.2.3 (CentOS)"
[3]=>
string(44) "Last-Modified: Tue, 15 Nov 2005 13:24:10 GMT"
[4]=>
string(27) "ETag: "280100-1b6-80bfd280""
[5]=>
string(20) "Accept-Ranges: bytes"
[6]=>
string(19) "Content-Length: 438"
[7]=>
string(17) "Connection: close"
[8]=>
string(38) "Content-Type: text/html; charset=UTF-8"
}
NULL
$argc
The number of arguments passed to script
Description
Contains the number of arguments passed to the current script when running
from the command line.
Note:
The script's filename is always passed as an argument to the script, therefore
the minimum value of $argc is 1.
Note:
This variable is not available when register_argc_argv
is disabled.
Examples
Example #9 $argc example
When executing the example with: php script.php arg1 arg2 arg3
The above example will output
something similar to:
$argv
Array of arguments passed to script
Description
Contains an array of all the arguments passed to the script when running
from the command line.
Note:
The first argument $argv[0] is always the name that was
used to run the script.
Note:
This variable is not available when register_argc_argv
is disabled.
Examples
Example #10 $argv example
When executing the example with: php script.php arg1 arg2 arg3
The above example will output
something similar to:
array(4) {
[0]=>
string(10) "script.php"
[1]=>
string(4) "arg1"
[2]=>
string(4) "arg2"
[3]=>
string(4) "arg3"
}
Table of Contents
|