Accessing PHP and HTTP Data

You know how HTTP works and you basically understand clients and servers, so you're very cognizant of the interaction between your browser (a client application) and the Web server (a server application) when running PHP programs online. In this chapter you explore HTML forms and examine how they facilitate user interactions with the Web server (and thereby your PHP programs). These topics deserve a lot of attention because HTTP, HTML, and PHP are tightly intertwined. A good understanding of what's going on between the browser and the server is essential for PHP programming because within the requests and responses flying back and forth from client to server is a wealth of data you can utilize.

Each time you click a link or submit a form, you send a great deal of data about your system and your browser to the Web server, and each time the Web server responds, it sends you a great deal of data about itself. PHP has the capability to capture the data that is submitted by a browser, and also provides a means of getting at data about PHP's installation on the server. For instance, if you go to your favorite PHP-driven Web site and log in, it's likely that a predefined variable named $_POST is filled (on the server) with your username and password, another predefined variable named $_SERVER contains information about the current Web server environment, and that both are available to the PHP application running the site. These aspects of PHP are discussed in depth in the next few sections, but it's really kind of surprising how much data is available (especially considering that most folks aren't even aware of it). Read on to learn how to access all this data.

Predefined Variables

PHP automatically makes quite a few variables (called predefined variables) available anywhere in your program. They are array variables, and you can access them by name, like any other variable. By default, PHP is configured not to populate these variables (in the php.ini file, the default register_globals=Off is in place), you must use their entire name to access their data. For example, if a form has a text field named username and this field is filled out and submitted (and assuming the form's submission method is POST), you can access the field's data by code such as this:

$my_new_username = $_POST[username];

Predefined variables are also called superglobal variables because they can be accessed without regard to scope. Predefined variables consist of most of the information contained in HTTP requests and responses, including server variables, query strings, form variables, and so on. You can use predefined variables for any purpose, just like ordinary variables, but some of them may or may not be present for any given installation of PHP because Web servers vary in the data provided via HTTP.

In addition to predefined variables, you can use the built-in PHP function phpinfo() to get basic PHP installation and operating information. This function not only enables you to test whether PHP is installed and working (as you saw in Chapter 1), but also enables you to find out many details about how PHP is installed on the server. For example, you can find out what version of PHP is running, what OS your server is running on, and so forth.

Perhaps an easier way to demonstrate what you get from the phpinfo() function is simply to run the test01.php file created in Chapter 1 again. This time you're running it not just to see if the installation of PHP worked (as you did in Chapter 1) but to examine the various kinds of data it provides. When run from your Web server, phpinfo() creates a very nicely formatted and detailed page (including all the required HTML tags) describing the PHP version, operating system, version of the ZEND engine, settings in your php.ini file, additional modules, and predefined variables.

Variables in HTTP Request and Response

There's a surprising amount of data passed back and forth between the client and the Web server (and vice versa). For example, not only is the IP address of the client passed to the Web server with each request (not actually very surprising, as how else would the Web server know where to send the response) but also details about what version of browser is making the request, cookies, form data, Web server version, and so on. The data is contained in predefined variables structured as associative arrays, so that you can access them by name, just like you would access any other array. The contents of each and what you might want to use them for are presented after the following "Try It Out."

There is a setting in your configuration file (php.ini) called register_globals. The default is off (since PHP4.2), and it restricts how you can access some predefined variables. From a practical standpoint, this means you should use the full name of the array ($_SERVER['DOCUMENT-ROOT'] is the example given) to access data in predefined variables. There is the function (import_request_variables()) that will import GET, POST, and Cookie variables into the global scope, so you can access them directly by name, but the full array name is recommended and therefore used in this book.

Try it Out: Display $GLOBALS

The following code demonstrates displaying the contents of the $GLOBALS predefined variable. The code goes inside a nicely formatted HTML Web page:

<?php
echo "<pre>";
print_($GLOBALS);
echo "</pre>";
?>

Run this code in your browser (name the file displaying_predefined_vars.php) and you'll see what the $GLOBALS array contains. Don't be too surprised if they all turn out to be empty at the moment. However, at the end of this section is a figure showing what the predefined variables look like when displayed.

Don't forget to place the file in the appropriate folder that's published by your Web server. From here on out it's assumed that you've created any Web server-accessible folders you want and are placing your files in them as needed.

How it Works

The print_r() function prints out information about variables in a format that is easy for people to read. It's especially useful with arrays because it prints the keys and values one after the other. Use it with the HTML <pre> tags so it prints nicely on the page, rather than all on one line.

SuperGlobal Arrays

The predefined arrays are described in the following table. They're called superglobals because they can be accessed form anywhere in a PHP program without having to use the global keyword and without regard for scope.

Array

Description

$GLOBALS

Has a reference to every variable that has global scope in a PHP program. Many of the variables in it are also in other superglobal arrays

$_SERVER

Includes everything sent by server in the HTTP response, such as the name of the currently executing script, server name, version of HTTP, remote IP address, and so on. Although most Web server software produces the same server variables, not all do, and not all server variables necessarily have data in them

$_GET

Contains all the querystring variables that were attached to the URL, or produced as a result of using the GET method

$_POST

Contains all the submitted form variables and their data. You use variables from the $_POST or $_REQUEST arrays extensively in most of your PHP programs. For example, to make use of a username or password (or any other data) submitted as part of a form, you'll use PHP variables from the $_REQUEST array

$_COOKIE

Contains all cookies sent to the server by the browser. They are turned into variables you can read from this array, and you can write cookies to the user's browser using the setcookie() function. Cookies provide a means of identifying a user across page requests (or beyond, depending upon when the cookie expires) and are often used automatically in session handling

$_FILES

Contains any items uploaded to the server when the POST method is used. It's different from the $_POST array because it specifically contains items uploaded (such as an uploaded image file), not the contents of submitted form fields

$_ENV

Contains data about the environment the server and PHP are operating in, such as the computer name, operating system, and system drive

$_REQUEST

Contains the contents of the $_GET, $_POST, and $COOKIE arrays, all in one

$_SESSION

Contains all variables that are currently registered as session variables. Because you have programmatic control over the variables registered in the session, the contents of this array at any given moment depend on what your program does and whether you use sessions

The following code makes a page showing the contents of the SuperGlobal variables just discussed. If you look closely at the code, you'll notice that much of it is the same thing over and over; that's because each variable (with a bit of HTML thrown in for formatting) is being displayed. Save the code as displaying_predefined_vars.php before running it from your browser:

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor= " #FFFFFF" >
<table width="100%" border="1">
  <tr><td colspan="2"><font face="Arial, Helvetica, sans-serif" size=
"-1"><b>Displaying Predefined Variables</b></font></td>
  </tr>
  <tr><td width="40%" valign="top"><font face="Arial, Helvetica, sans-serif"
size="-1">Globals - $GLOBALS</font></td>
    <td width="60%"><font face="Arial, Helvetica, sans-serif" size="-2">
<?php
echo "<pre>";
print_r($GLOBALS);
echo "</pre>";
?>
</font></td>
  </tr>
  <tr><td width="40%" valign="top"><font face="Arial, Helvetica, sans-serif"
size="-1">Server - $_SERVER</font></td>
    <td width="60%"><font face="Arial, Helvetica, sans-serif" size="-1">
<?php
echo "<pre>";
print_r($_SERVER);
echo "</pre>";
?>
</font></td>
  </tr>
  <tr><td width="40%" valign="top"><font face="Arial, Helvetica, sans-serif"
size="-1">Get - $_GET </font></td>
  <td width="60%"><font face="Arial, Helvetica, sans-serif" size="-1">
<?php
echo "<pre>";
print_r($_GET);
echo "</pre>";
?>
</font></td>
  </tr>
  <tr><td width="40%" valign="top"><font face="Arial, Helvetica, sans-serif"
size="-1">Post - $_POST </font></td>
    <td width="60%"><font face="Arial, Helvetica, sans-serif" size="-1">
<?php
echo "<pre>";
print_r($_POST);
echo "</pre>";
?>
</font></td>
  </tr>
  <tr><td width="40%" valign="top"><font face="Arial, Helvetica, sans-serif"
size="-1">Cookie - $_COOKIE</font></td>
    <td width="60%"><font face="Arial, Helvetica, sans-serif" size="-1">
<?php
echo "<pre>";
print_r ($_COOKIE) ;
echo "</pre>";
?>
</font></td>
  </tr>
  <tr><td width="40%" valign="top"><font face="Arial, Helvetica, sans-serif"
size="-1">Files - $_FILES</font></td>
    <td width="60%"><font face="Arial, Helvetica, sans-serif" size="-1">
<?php
echo "<pre>";
print_r ($_FILES);
echo "</pre>";
?>
</font></td>
  </tr>
  <tr><td width="40%" valign="top"><font face="Arial, Helvetica, sans-serif"
size="-1"> Environment - $_ENV</font></td>
    <td width="60%><font face="Arial, Helvetica, sans-serif" size="-1">
<?php
echo "<pre>";
print_r($_ENV);
echo "</pre>";
?>
</font></td>
  </tr>
  <tr><td width="40%" valign="top"><font face="Arial, Helvetica, sans-serif"
size="-1">Request - $_REQUEST</font></td>
    <td width="60%"><font face="Arial, Helvetica, sans-serif" size="-1">
<?php
echo "<pre>";
print_r($_REQUEST);
echo "</pre>";
?>
</font></td>
  </tr>
  <tr><td width="40%" valign="top"><font face="Arial, Helvetica, sans-serif"
size="-1">Session - $_SESSION</font></td>
    <td width="60%"><font face="Arial, Helvetica, sans-serif" size="-1">
<?php
echo "<pre>";
print_r($_SESSION);
echo "</pre>";
?>
</font></td>
  </tr>
</table>
</body>
</html>