PHP Fundamentals

Understanding Superglobals

13 min Lesson 16 of 45

Understanding Superglobals

PHP superglobals are built-in variables that are always accessible, regardless of scope. They provide access to important information like form data, server information, session data, and more.

What Are Superglobals?

Superglobals are special arrays that are available in all scopes throughout a script. You can access them from any function, class, or file without needing to use the global keyword.

Key Point: Superglobals start with $_ (dollar sign and underscore) and are always written in UPPERCASE.

The Main Superglobals

<?php
// $_GET - Data from URL parameters
// $_POST - Data from POST form submissions
// $_REQUEST - Data from both GET and POST
// $_SERVER - Server and execution environment information
// $_SESSION - Session variables
// $_COOKIE - Cookie variables
// $_FILES - File upload information
// $_ENV - Environment variables
// $GLOBALS - References to all global variables
?>

$_SERVER Superglobal

The $_SERVER superglobal contains information about the server and request environment.

<?php
// Common $_SERVER variables
echo $_SERVER['PHP_SELF'];        // Current script name
echo $_SERVER['SERVER_NAME'];     // Server hostname
echo $_SERVER['HTTP_HOST'];       // Host header
echo $_SERVER['REQUEST_METHOD'];  // Request method (GET, POST)
echo $_SERVER['REMOTE_ADDR'];     // Visitor's IP address
echo $_SERVER['HTTP_USER_AGENT']; // Browser information
echo $_SERVER['REQUEST_URI'];     // The URI of the page
?>

Example: Display Server Information

<?php
// display_server_info.php
echo '<h2>Server Information</h2>';

echo '<p><strong>Script:</strong> ' . $_SERVER['PHP_SELF'] . '</p>';
echo '<p><strong>Server:</strong> ' . $_SERVER['SERVER_NAME'] . '</p>';
echo '<p><strong>Request Method:</strong> ' . $_SERVER['REQUEST_METHOD'] . '</p>';
echo '<p><strong>User Agent:</strong> ' . $_SERVER['HTTP_USER_AGENT'] . '</p>';
echo '<p><strong>IP Address:</strong> ' . $_SERVER['REMOTE_ADDR'] . '</p>';

// Check if HTTPS
$protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'HTTPS' : 'HTTP';
echo '<p><strong>Protocol:</strong> ' . $protocol . '</p>';
?>

$_GET Superglobal

The $_GET superglobal contains data sent via URL parameters (query string).

<?php
// URL: example.php?name=John&age=25

// Access individual parameters
$name = $_GET['name'];  // "John"
$age = $_GET['age'];    // "25"

echo "Name: $name, Age: $age";

// Check if parameter exists
if (isset($_GET['name'])) {
    echo "Name parameter is set";
}

// Display all GET parameters
echo '<pre>';
print_r($_GET);
echo '</pre>';
?>

Example: Simple Search Page

<!DOCTYPE html>
<html>
<head>
    <title>Search Example</title>
</head>
<body>
    <h1>Search Products</h1>

    <!-- Search Form (GET method) -->
    <form method="get" action="search.php">
        <input type="text" name="query" placeholder="Search...">
        <select name="category">
            <option value="all">All Categories</option>
            <option value="electronics">Electronics</option>
            <option value="books">Books</option>
        </select>
        <button type="submit">Search</button>
    </form>

    <?php
    // Check if search was submitted
    if (isset($_GET['query'])) {
        $query = $_GET['query'];
        $category = $_GET['category'];

        echo "<h2>Search Results</h2>";
        echo "<p>You searched for: <strong>$query</strong></p>";
        echo "<p>In category: <strong>$category</strong></p>";

        // In real application, query database here
    }
    ?>
</body>
</html>

$_POST Superglobal

The $_POST superglobal contains data sent via POST method (typically from forms).

<?php
// Access POST data
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'];
    $password = $_POST['password'];

    echo "Username: $username";

    // Check if field exists
    if (isset($_POST['remember'])) {
        echo "Remember me is checked";
    }
}
?>

$_REQUEST Superglobal

The $_REQUEST superglobal contains data from both GET and POST.

<?php
// Access data from either GET or POST
$name = $_REQUEST['name'];

// This works for both:
// example.php?name=John (GET)
// Form submission with name field (POST)
?>

Security Warning: Always validate and sanitize superglobal data. Never trust user input! Use htmlspecialchars(), filter_var(), and other validation functions.

$GLOBALS Superglobal

The $GLOBALS array contains all global variables.

<?php
$x = 10;
$y = 20;

function sum() {
    // Access global variables using $GLOBALS
    $GLOBALS['z'] = $GLOBALS['x'] + $GLOBALS['y'];
}

sum();
echo $z;  // Outputs: 30
?>

Practical Example: User Dashboard

<?php
// dashboard.php
session_start();

// Check if user is logged in
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}

// Get user info from session
$username = $_SESSION['username'];
$user_id = $_SESSION['user_id'];

// Get page parameter from URL
$page = isset($_GET['page']) ? $_GET['page'] : 'overview';

// Get server info
$ip_address = $_SERVER['REMOTE_ADDR'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
?>

<!DOCTYPE html>
<html>
<head>
    <title>Dashboard - <?php echo $username; ?></title>
</head>
<body>
    <h1>Welcome, <?php echo htmlspecialchars($username); ?>!</h1>

    <nav>
        <a href="?page=overview">Overview</a>
        <a href="?page=profile">Profile</a>
        <a href="?page=settings">Settings</a>
        <a href="logout.php">Logout</a>
    </nav>

    <div class="content">
        <?php
        switch ($page) {
            case 'profile':
                echo "<h2>Your Profile</h2>";
                break;
            case 'settings':
                echo "<h2>Settings</h2>";
                break;
            default:
                echo "<h2>Dashboard Overview</h2>";
                echo "<p>User ID: $user_id</p>";
                echo "<p>IP: $ip_address</p>";
        }
        ?>
    </div>
</body>
</html>

Best Practices

Security Tips:

Always validate and sanitize superglobal data
Use isset() or empty() before accessing array keys
Use htmlspecialchars() when outputting to HTML
Use prepared statements for database queries
Prefer $_POST over $_GET for sensitive data
Never expose $_SERVER data to users without sanitization

Practice Exercise

Task: Create a page info script that displays:

Current page URL (use $_SERVER)
Request method (GET or POST)
Visitor's IP address
Browser information
Accept a "theme" parameter from URL (?theme=dark) and display it

Challenge: Add validation to ensure the theme parameter only accepts "light" or "dark" values.

Summary

In this lesson, you learned about:

What superglobals are and why they're useful
The main superglobal variables in PHP
$_SERVER for server and request information
$_GET for URL parameters
$_POST for form data
$_REQUEST for combined GET/POST data
$GLOBALS for accessing global variables
Security considerations when working with user input

Next, we'll explore HTML forms and how to process them with PHP!