Superglobals in php
Superglobals are built-in variables in php that are always accessible, regardless of scope. They are available from any function, class, or file without needing to use the global keyword.
List of php Superglobalsâ
$GLOBALS$_SERVER$_GET$_POST$_FILES$_COOKIE$_SESSION$_REQUEST$_ENV
$GLOBALSâ
Provides access to all global variables from anywhere in the script:
<?php
$x = 10;
$y = 20;
function addGlobals() {
return $GLOBALS['x'] + $GLOBALS['y'];
}
echo addGlobals(); // 30
?>
$_SERVERâ
Contains information about the server environment and current request:
<?php
echo $_SERVER['PHP_SELF']; // current script path
echo $_SERVER['SERVER_NAME']; // e.g., localhost
echo $_SERVER['HTTP_HOST']; // e.g., www.example.com
echo $_SERVER['REQUEST_METHOD'];// GET or POST
echo $_SERVER['REMOTE_ADDR']; // visitor's IP address
echo $_SERVER['HTTP_USER_AGENT']; // browser info
?>
$_GETâ
Collects data sent via URL query parameters (HTTP GET method):
URL: https://example.com/page.php?name=Alice&age=30
<?php
echo $_GET['name']; // Alice
echo $_GET['age']; // 30
?>
$_POSTâ
Collects data submitted via an HTML form with method="post":
<form method="post" action="process.php">
<input type="text" name="username">
<input type="submit" value="Submit">
</form>
<?php
// process.php
$username = htmlspecialchars($_POST['username'] ?? '');
echo "Hello, $username!";
?>
$_REQUESTâ
Contains data from $_GET, $_POST, and $_COOKIE:
<?php
$name = $_REQUEST['name']; // works for both GET and POST
echo "Received: $name";
?>
Note: It is safer and clearer to use $_GET or $_POST specifically rather than $_REQUEST.
$_FILESâ
Used to handle file uploads:
<form method="post" enctype="multipart/form-data">
<input type="file" name="photo">
<input type="submit">
</form>
<?php
$file = $_FILES['photo'];
echo $file['name']; // original filename
echo $file['size']; // file size in bytes
echo $file['tmp_name']; // temp path on server
echo $file['type']; // MIME type
echo $file['error']; // error code
?>
$_COOKIEâ
Reads cookie values sent by the browser:
<?php
// Set a cookie
setcookie("user", "Alice", time() + 86400); // 1 day
// Read a cookie
if (isset($_COOKIE['user'])) {
echo "Welcome, " . $_COOKIE['user'];
}
?>
$_SESSIONâ
Stores user session data across multiple pages:
<?php
session_start();
$_SESSION['username'] = "Alice";
$_SESSION['role'] = "admin";
echo $_SESSION['username']; // Alice
?>
$_ENVâ
Access environment variables set on the server:
<?php
echo $_ENV['PATH']; // system PATH variable
echo getenv('APP_ENV'); // alternative method
?>
Security Best Practicesâ
- Always validate and sanitize input from
$_GET,$_POST, and$_REQUEST - Use
htmlspecialchars()to prevent XSS attacks - Use prepared statements for database queries to prevent SQL injection
<?php
$name = htmlspecialchars($_POST['name'] ?? '');
echo "Hello, $name";
?>
Finished reading? Mark this topic as complete.