System variables in PHP

What are these server variables and what are they for? We discuss some of the most useful.

In previous articles we have addressed the issue of variables. So far we have explained how to create our own variables and store values, but if we talk about variables in PHP we cannot fail to mention system variables.

To understand system variables you have to appreciate that PHP is a language that runs on the server, on demand from a client. Therefore, the execution of PHP occurs within a very specific framework, where several actors intervene, mainly the client (usually the user who enters using their browser) and the server (where the PHP code is executed, which basically must produce the output to be sent to the client).

Now that you have assimilated the nature of PHP as a server-side language, you must understand that in this framework there is various information that can be useful when running web applications. Within a PHP page we will therefore have access to a whole series of variables that inform us about our server and about the client that has requested a certain page. We call this information, which we can collect in the form of variables, “system variables”.

Note: The information of these variables is attributed by the server and in no case is it possible for us to modify their values ​​directly through the script. To do so it is necessary to directly influence the property they define.

$_SERVER

Most of the system variables can be received from an array called $_SERVER.

Note: $_SERVER is an associative array, whose indices are strings, not numbers. We haven’t covered the topic of , yet, but we’ll look at it in more detail later.

Technically $_SERVER is known as a “superglobal variable”, which we’ll talk about later in this article. There is a multitude of data associated with the $_SERVER array, some of which are apparently useless and others that are really interesting and have a direct application for our web applications. Here we list some of these variables and the information they provide us:

• $_SERVER It mainly informs us about the operating system and the type and version of the browser used by the Internet user. Its main utility is that, based on this information, we can redirect our users to pages optimized for their browser or perform any other type of action in the context of a specific browser.
• $_SERVER Returns the abbreviations of the language considered as main by the browser. This main language or languages ​​can be chosen in the browser options menu. This variable is also extremely useful for sending the Internet user to pages written in their language, if they exist.
• $_SERVER It indicates the URL from which the Internet user has accessed the page. Very interesting to generate dynamic “Back” buttons or to create our own visit statistics systems.
• $_SERVER Returns a string with the URL of the script that is being executed. Very interesting to create buttons to reload the page.
• $_SERVER This is an array that stores the names and contents of the variables sent to the script by URL or by GET forms.
• $_SERVER This is an array that stores the names and contents of the variables sent to the script via a POST form.
• $_SERVER This is an array that stores the names and contents of the cookies. We’ll see what they are later.
• $_SERVER Stores the user variable when entering restricted access pages. Combined with $_SERVER it is ideal for controlling access to the internal pages of the site.
• $_SERVER Stores the password variable when entering restricted access pages. Combined with $_SERVER it is ideal for controlling access to the internal pages of the site.
• $_SERVER Displays the IP address of the visitor.
• $_SERVER Returns the physical path where the page is hosted on the server.
• $_SERVER Saves the user’s session identifier. We will see later what the sessions consist of.

Not all of these variables are available on all servers or on certain versions of the same server. Furthermore, some of them must be previously activated or defined by means of some event. Thus, for example, the variable $HTTP_REFERER will not have a defined value, unless the Internet user accesses the script from a link from another page.

If you want to see what is the complete set of system variables that you have inside $_SERVER in your environment, it is enough to write and execute a PHP page that contains this code:

That will list the entire contents of the $_SERVER associative array and output it to the web page.

superglobal variables

As of PHP 4.1.0, there is a set of array variables that hold system information, called “superglobals” because they are automatically defined in a global scope and can be accessed from anywhere in the PHP code.

Note: These variables already existed in PHP before, although they were accessed from other arrays. If you read old PHP articles, or have known PHP for a long time, it may make clear to you that some of these superglobal variables were previously accessed via $HTTP_*_VARS type arrays. For example $_GET was formerly $HTTP_GET_VARS or $_POST was formerly $HTTP_POST_VARS. The old way of referencing superglobal variables can still be enabled on some servers, from the php.ini with the register_long_arrays directive.

The list of these PHP superglobal variables is as follows:

$GLOBALS

Contains a reference to each variable available in the spectrum of script variables. The keys of this array (array indices) are the names of the global variables. $GLOBALS has existed since PHP 3.

$_SERVER

Variables defined by the web server or directly related to the environment in which the script is running. It is equivalent to what was previously known as $HTTP_SERVER_VARS. They are the system variables that we have explained earlier in this article.

$_GET

Variables supplied to the script via HTTP GET. It is equivalent to what was previously known as $HTTP_GET_VARS.

$_POST

Variables provided to the script via HTTP POST. It is equivalent to what was previously known as $HTTP_POST_VARS.

$_COOKIE

Variables provided to the script via HTTP cookies. It is equivalent to what was previously known as $HTTP_COOKIE_VARS.

$_FILES

Variables provided to the script via HTTP file uploads. It is equivalent to what was previously known as $HTTP_POST_FILES.

$_ENV

Variables provided to the script via the environment. It is equivalent to what was previously known as $HTTP_ENV_VARS.

$_REQUEST

Variables supplied to the script via any user input mechanism. The presence and order in which variables appear in this array is defined by the variables_order configuration directive. This array does not have an analog in versions prior to PHP 4.1.0.

Note: Since in $_REQUEST you can mix variables that can come from various places, it is usually not recommended to use it, because data can be injected in different ways. If we know the data is coming from a form, it is our thing to use $_POST, which assures us that no entry from another place will contaminate that set of variables. You could only trust $_REQUEST if the operation you want to perform is not really critical to the security of your application.

$_SESSION

Variables registered in the script session. It is equivalent to what was previously known as $HTTP_SESSION_VARS. See also the section Functions for handling sessions for more information.

conclusion

For now we leave this knowledge in the air. We will address each of these superglobal variables in the future, in various parts of the manual. For example, we will see $_SESSION when we talk about the session in PHP, $_POST when we explain the submission of forms, etc.