Server configuration and request information—including form parameters and cookies—are accessible in three different ways from your PHP scripts, as described in this section. Collectively, this information is referred to as EGPCS (environment, GET, POST, cookies, and server).
If the register_globals option in php.ini is enabled, PHP creates a separate global variable for every form parameter, every piece of request information, and every server configuration value. This functionality is convenient but dangerous, as it lets the browser provide initial values for any of the variables in your program. The (negative) effects this can have on your program's security are explained in Chapter 12.
Regardless of the setting of register_globals, PHP creates six global arrays that contain the EGPCS information.
The global arrays are:
Because names like $HTTP_GET_VARS are long and awkward to use, PHP provides shorter aliases: $_COOKIE, $_GET, $_POST, $_FILES, $_SERVER, and $_ENV. These variables are not only global, but also visible from within function definitions, unlike their longer counterparts. These short variables are the recommended way to access EGPCS values. The $_REQUEST array is also created by PHP if the register_globals option is on; however, there is no corresponding $HTTP_REQUEST_VARS array. The $_REQUEST array contains the elements of the $_GET, $_POST, and $_COOKIE arrays.
PHP also creates a variable called $PHP_SELF, which holds the name of the current script, relative to the document root (e.g., /store/cart.php). This value is also accessible as $_SERVER['PHP_SELF']. This variable is useful when creating self-referencing scripts, as we'll see later.
Copyright © 2003 O'Reilly & Associates. All rights reserved.