Global Arrays

These tutorials are about PHP and its use for server-side Web programming.

PHP Global Arrays

If you are not familiar with arrays, then you probably want to review those before looking at this section.

In order to store information coming from both the client and server and pertaining to the current execution of a script. PHP has a series of arrays defined. These arrays are sometimes referred to as the superglobals since, in a standard PHP configuration, they are directly accessible from any point in the code, within functions or without. Depending on your cofiguration, you may need to use the global keyword to include these arrays in a function, however, the superglobal array $GLOBALS[] is always accessible from anywhere in the code.

You will also find these arrays referred to as environmental variables, since they store information about the environment in which the script is running. I tend to use this term throughout my notes, snice it more accurately reflects the purpose of these arrays. Each array gains it name from the portion of the environment it is responsible for tracking.

Most global array values have three different ways of being referenced. The array has a short-form and a long-form for the name, and the array element can be addressed indivdually as its own variable. There are differences on when you can use each format.

For instance, the array $HTTP_POST_VARS[] has a short form of $_POST[].This is the result of different PHP versions and changing standards. $HTTP_POST_VARS[] is the old array name and is not guaranteed to work on future version of PHP. $_POST[] is the new array name and does not work on anything before PHP4. Unless you are working on an older server, it is recommended that you use the newer short version. It also has the benefit of being less to type.

The global arrays are all associative arrays. This means the value is associated with a name that is the index key for the contents and, sensibly, describes what the value represents. For instance, $_SERVER["SCRIPT_NAME"] contains the URL path to the current page.

Sometimes you can also access the values of the array directly by variable name. This varialbe name is the same as the index key for the array. Thus, the variable name for $_SERVER["SCRIPT_NAME"] would be $SCRIPT_NAME.

The sometimes part comes into play because in order to do this, the PHP setting for register_globals needs to be turned on. When turned on,this setting allows PHP to create variables based on all the global array values automatically. In PHP3 this is turned on by default. In PHP4 this is turned off by default. The reason for this shift of policy is security. It is possible to hack the system by sending it bogus variables that will capture system information and return it to the user when the global variables are automatically registered. Manual processing from the array allows the programmer to screen all incoming data first.

At its most basic, the screening process works like this:

$formField1 = '';
foreach ($_POST as $key => $value) {
  if (isset(${$key}) {
    ${$key} = $value;
    }
  }

What this could would do would be to only accept a value from the $_POST[] array if it had an index key of $formField1 and assign it to the variable $formField1. Any variables the programmer was not expecting would be ignored, preventing the user from trying to pass bogus variables. The isset function returns true if a variable already has a value, an empty string being a legal value, Thus the code would only overwrite existing variables and not allow any new ones to be created. Note the use of variable variables so we don't have to test each internal value separately,

The Global Array List

So what are the global arrays? Well here is the list.

Old Form	New Form	Description
`--`	`$GLOBALS[]`	The complete list of all global variables, including user defined variables at the global level.
`$HTTP_GET_VARS[]`	`$_GET[]`	All variables received as part of a query string in the requesting URL, or HTML form data transmitted using the GET method.
`$HTTP_POST_VARS[]`	`$_POST[]`	All variables recieved as an inline posted data set, normally through using the POST method in an HTML form.
`$HTTP_POST_FILES[]`	`$_FILES[]`	References to all files received, most commonly from HTML forms, using the POST method.
`$HTTP_COOKIE_VARS[]`	`$_COOKIE[]`	Any cookies returned from the client. The index key name matches the cookie name.
`--`	`$_REQUEST[]`	A more recent addition that stores all user variables, including elements from the `$_GET[]`, `$_POST[]`, and `$_COOKIE[]` arrays. Prior to PHP4.3, this also includes the `$_FILES[]` array.
`$HTTP_SERVER_VARS[]`	`$_SERVER[]`	Information about the server session and the HTTP connection with the client.
`$HTTP_ENV_VARS[]`	`$_ENV[]`	Information about the server environment and system defined values.
`$HTTP_SESSION_VARS[]`	`$_SESSION[]`	IF PHP is being used for session management, this array is to store any session variables that need to be stored on the server between calls from the client.

The `$_SERVER[]` Array

Most of the global arrays store various types of values defined by the programmer. This means there isn't much that can be said about their contents since that is entirely specific to the current script. The exceptions are the $_SERVER[] array, which stores system information related to the execution of the current script, and $_ENV[] which stores information about the general system environment. These have many predefined values which we can talk about and which are useful to be aware of. For now we will focus on the $_SERVER[] array. It has values that are of immediate use to us in learning PHP. The elements in the $_ENV[] array only come in to place for advanced PHP coding and server management. Although, if you want to know the default mail message for the system, it can found under $_ENV["MAILMSG"]

The $_SERVER[] array maintains server information that pertains to hte current session and information received from the client in the HTTP header of the client request. The names of these elements, wwhere relevant, adhere to the current standards for CGI scripting. Others come from the HTTP specifications,usually matching the names of the header fields. The following list is a list of most of the elements in the $_SERVER[] array and they are used for.

HTTP Elements

Here are the most common HTTP elements. Note that there are many other HTTP headers, including many of no use to PHP, so it ignores them, but these are the ones that contain information useful to successfully serving up content to a client.

HTTP_ACCEPT

Contains a comma separated list of the MIME types the client is willing to accept. For instance:
text/html, image/png, image/jpeg, image/gif, */*

HTTP_ACCEPT_CHARSET

Contains a comma separated list of the character encodings the client is willing to accept. For instance:
utf-8, utf-16, iso-8859-1, *

HTTP_ACCEPT_ENCODING

Contains a comma separated list of the file encodings the client is willing to accept. For instance:
deflate, gzip, x-gzip, identity,

HTTP_ACCEPT_LANGUAGE

Contains a comma separated list of the languages the client is expected the text content to be presented in. For instance:
en,ja,fr

HTTP_CONNECTION

Details the expected nature of the HTTP connection between the client and server. Normally it contains the value Keep-Alive.

HTTP_HOST

Contains the fully qualified name of the current server as defined by the Domain Name System.

HTTP_REFERER

Contains the complete URL of the document or resource that requested the courrent resource.

HTTP_USER_AGENT

Contains information on the browser other other user agent being used to request content. Here are some sample user agent strings.

Opera 7.2
Opera/7.23 (Windows NT 5.1; U) [en]
Netscape 7.1
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
MSIE 6.0
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Openwave SDK 6.2.2 (cell phone browser)
OPWW-SDK/62 UP.Browser/6.2.2.1/208 (GUI) MMP/2.0

CGI Elements

Many of the elements that show up are from the CGI specifications. Here is the list of those and what they contain.

SERVER_SOFTWARE: This contains a string that identifies the server. If the server is running PHP, this will also be specified here.
Apache/1.3.29 (Unix) PHP/4.3.4
SERVER_NAME: The host name, DNS alias, or IP address of the server hosting the current script.
SERVER_ADDR: The IP address of the server.
GATEWAY_INTERFACE: The version of the CGI standard used by the server. Normally this is CGI/1.1.
SERVER_PROTOCOL: The name and version of the request protocol. Normally this is HTTP/1.1.
SERVER_PORT: The server port to which the request was sent. The default port for HTTP calls is port 80.
REQUEST_METHOD: The method used by the client to request the document. For most Web page requested, this will be either GET or POST.
PATH_INFO: Path information provided by the client pointing to the location of the requested resource on the server.
PATH_TRANSLATED: The requested path info as translated by the server to reflect any aliasing and redirection specified on the server. For instance, here a path of /~kantopet/ as specified in the URL maps to /home/kantopet/homepage/ on the server.
SCRIPT_NAME: The name, including path, of the the current resource, document, or script as specified in the URL. This is also aliased to the elements REQUEST_URI and PHP_SELF in the array. The first is a the server version of the data field, the second the PHP version. The second is the more commonly used array element in PHP programming.
SCRIPT_FILENAME: The translated pathname for SCRIPT_NAME. This contains the server path to the resource. This is not really part of the CGI standard, but it is a good place to include it.
QUERY_STRING: Contains the query string, which is everything after the question mark (but before the hash mark) in the URL.
REMOTE_HOST: The name of the requesting host. If the requesting host has no DNS, this field is blank.
REMOTE_ADDR: The IP address of the requesting machine.
AUTH_TYPE: Specifies the authentication method for a restricted resource.
REMOTE_USER: Specifies the user name in a password protected session. The array does not store the password.
REMOTE_IDENT: Used to specify the user name retrieved from the client through an identd identification check (RFC 931). This string is easily spoofed and should never be used for authentication.
CONTENT_TYPE: The content type of queries with attachments from the client, such as a POST query.
CONTENT_LENGTH: The length of the attached content in a such a query.

Other Server Elements

The $_SERVER[] array also includes some general info provided by the server for its own reference. Here is the basic set.

DOCUMENT_ROOT: The document root defines where the server is to look for documents when it isn't told to look elsewhere. It is the default resource directory.
PATH: The path is the path variable. It specifies where to look for object files and other executables.
REMOTE_PORT: The port on the client from which the request was made.
SERVER_ADMIN: This element normally contains the e-mail address of the administrator for the server.
SERVER_SIGNATURE: The signature of the server is comprised of the server software, the DNS alias and the port number. The campus server here at HVCC is currently
Apache/1.3.29 Server at academ.hvcc.edu Port 80

These pages can be found at: [http://academ.hvcc.edu/~kantopet/]
Copyright 2003 -- Peter L. Kantor[kantopet@hvcc.edu]
Last Updated January 2003