Accessing Global Data with PHP Superglobal Arrays
PHP provides several built-in superglobal arrays that remain accessible throughout all scopes of a script. These variables store environment, user input, and server metadata without requiring explicit scope imports.
The core superglobals include:
$GLOBALS– All variables available in global scope$_SERVER– Server and execution environment information$_REQUEST– Combined data from GET, POST, and COOKIE inputs$_POST– HTTP POST request parameters$_GET– URL query string parameters$_FILES– HTTP File Upload variables$_ENV– Environment variables$_COOKIE– HTTP Cookies$_SESSION– Session variables
Global Variable Repository
The $GLOBALS associative array contains references to every variable defined in the global namespace across the entire script execution. Unlike the global keyword which must declare specific identifiers, $GLOBALS provides programmatic access through string keys representing variable names.
<?php
$width = 12;
$height = 8;
function computeDimensions() {
$GLOBALS['perimeter'] = 2 * ($GLOBALS['width'] + $GLOBALS['height']);
$GLOBALS['area'] = $GLOBALS['width'] * $GLOBALS['height'];
}
computeDimensions();
echo "Perimeter: $perimeter\n"; // Displays 40
echo "Area: $area\n"; // Displays 96
?>
This approach allows functions to register new global variables dynamically without prior declaration outside their local scope.
Server and Request Metadata
The $_SERVER array captures HTTP headers, paths, and script location details supplied by the web server. Common indices include request methods, client IP addresses, and server hostnames.
<?php
$protocol = isset($_SERVER['HTTPS']) ? 'https' : 'http';
$clientIp = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$requestMethod = $_SERVER['REQUEST_METHOD'] ?? 'CLI';
echo "Accessed via: $protocol\n";
echo "Visitor IP: $clientIp\n";
echo "HTTP Method: $requestMethod\n";
echo "User Agent: " . ($_SERVER['HTTP_USER_AGENT'] ?? 'Not provided') . "\n";
?>
Unified Input Collection
$_REQUEST aggregates data submitted through POST bodies, query strings, and cookies. While convenient for generic input handling, this superglobal presents security considerations since it masks the data source, potentially allowing unintended parameter pollution across different input vectors.
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$identifier = $_REQUEST['user_id'] ?? null;
$quantity = $_REQUEST['amount'] ?? 0;
if (filter_var($identifier, FILTER_VALIDATE_INT) && $quantity > 0) {
echo "Processing order for user $identifier with quantity $quantity";
}
}
?>
<!-- HTML form -->
<form method="post" action="">
<input type="number" name="user_id" placeholder="User ID">
<input type="number" name="amount" placeholder="Quantity">
<button type="submit">Submit Order</button>
</form>
POST Request Handling
Data transmitted via HTTP POST requests populates the $_POST array. This method suits sensitive information or substantial payloads since content resides in the request body rather than visible URLs.
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$password = $_POST['auth_key'] ?? '';
if ($email && strlen($password) >= 8) {
echo "Authenticating $email...";
} else {
echo "Invalid credentials provided";
}
}
?>
<form method="post">
<input type="email" name="email" required>
<input type="password" name="auth_key" required minlength="8">
<button type="submit">Login</button>
</form>
Query String Parameters
URL parameters appended after the question mark populate $_GET. This superglobal facilitates bookmarkable state and navigation filtering, though length limitations and visibility make it unsuitable for confidential data.
<?php
$category = filter_input(INPUT_GET, 'cat', FILTER_SANITIZE_SPECIAL_CHARS) ?? 'general';
$page = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT) ?: 1;
echo "Displaying category: $category\n";
echo "Page number: $page\n";
if (isset($_GET['debug'])) {
echo "<pre>";
print_r($_GET);
echo "</pre>";
}
?>
