SUPERGLOBAL ARRAYS

SCOPE

When we define a script, the main scope is the global scope. In addition to the global scope there is a local scope, that is, the scope inside functions. Communication between the global scope and a local scope happens through function parameters: we pass a value to the function from the global scope, and the function can return a value to the global scope. The following code explains these concepts better.

Scope

SUPERGLOBAL ARRAYS BRIEF INTRODUCTION

  • $GLOBALS
    • It is explained by the following code.
$GLOBALS
  • $_SERVER
    • Contains information such as headers, paths, script locations, etc.
  • $_GET
    • When we pass information via URL we can retrieve the parameter-value pairs via this array.
  • $_POST
    • When a Form is submitted via POST we can retrieve the values sent to the server thanks to this Array.
  • $_FILES
    • Again when we submit a Form, if we upload files these can be retrieved thanks to the $_FILES array.
  • $_COOKIE
    • Cookies and sessions are tools for maintaining state. The HTTP protocol is stateless, that is, it does not keep memory on a communication that has occurred between client and server. Sometimes, however, we need to store some information, and we do this through cookies and sessions.
  • $_SESSION
  • $_REQUEST
    • Combined content of $_GET, $_POST and $_COOKIE
  • $_ENV
    • Contains information about environment variables.

THE SUPERGLOBAL ARRAY $_GET

A request between client and server can be made in several ways, called HTTP methods. A classic communication between client and server uses the GET or POST method. When we type a URL into the address bar of a browser we are making a GET request. If we open the browser's developer tools (F12 in Chrome), select the Network tab, reload the page and select the request, we will see that the method is GET.

GET Request

By calling var_dump($_GET) and refreshing the page we will see an empty array, as can be seen in the figure above. However, if we update the URL by adding a first parameter name with value Marco and a second parameter course with value PHP, the array will have two elements.

Query String

$_GET is now an array with two elements taken from the query string: name with value Marco and course with value PHP. If we now comment out var_dump and use the following PHP statement:

echo "Course {$_GET['course']} realized by {$_GET['name']}";

we will have:

echo

We retrieved the information from the query string. If we create a basic HTML page with a form containing two text boxes and a submit button, the values typed into the text boxes are appended to the URL as a query string when the submit button is pressed.

Form

DEEPENING

The $_GET superglobal array in PHP is an associative array that contains the data sent to the server via the HTTP GET method. In other words, $_GET is used to access the query string parameters that are passed in the URL when a request is sent to a web page.

How $_GET works

When a user sends a request to a URL of the type:

http://esempio.com/pagina.php?nome=Maria&eta=25

The nome and eta parameters are passed to the page pagina.php via the query string. In this case, $_GET will contain the following values:

$_GET['nome'] = 'Maria';
$_GET['eta'] = '25';

Example of use

Here is a simple example of how to use $_GET in a PHP file:

<?php
// Check whether the 'nome' parameter was passed via the URL
if (isset($_GET['nome'])) {
    $nome = $_GET['nome'];
    // Escape the value before printing it into the HTML page
    echo "Ciao, " . htmlspecialchars($nome) . "!";
} else {
    echo "Nome non fornito.";
}
?>

If the user visits http://esempio.com/pagina.php?nome=Maria, the page will show “Ciao, Maria!”

Security

Data in $_GET can be manipulated by the user, so it must be validated and sanitized before use to avoid vulnerabilities such as script injection (cross-site scripting) or SQL injection. A common practice is to pass values through htmlspecialchars() before printing them, which prevents unwanted HTML or JavaScript from executing in the page. Escaping output this way does not protect database queries; values that reach SQL should go through prepared statements with bound parameters.
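The validation and escaping described above, applied to the nome and eta parameters from this page. This is an added example, not code from the original post; the function names validate_query() and e(), the allowed-character rule, the age range and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validate 'nome' and 'eta' without trusting their type or content.
// Returns [cleanValues, errors].
function validate_query(array $get): array
{
    $clean = [];
    $errors = [];

    // ?nome[]=x turns $_GET['nome'] into an array, so check the type first.
    $nome = $get['nome'] ?? null;
    if (!is_string($nome) || !preg_match('/^[\p{L} \'-]{1,50}\z/u', $nome)) {
        $errors[] = 'nome must be 1-50 letters, spaces, apostrophes or hyphens';
    } else {
        $clean['nome'] = $nome;
    }

    // FILTER_VALIDATE_INT rejects "25abc", arrays, missing and out-of-range values.
    $eta = filter_var($get['eta'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 130]]);
    if ($eta === false) {
        $errors[] = 'eta must be an integer between 0 and 130';
    } else {
        $clean['eta'] = $eta;
    }
    return [$clean, $errors];
}

// Hypothetical helper: escape at output time, for the HTML context only.
// For SQL, bind $clean values as prepared-statement parameters instead.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['nome' => 'Maria', 'eta' => '25'],
    ['nome' => '<script>alert(1)</script>', 'eta' => '25'],
    ['nome' => ['x'], 'eta' => '25abc'],
    ['eta' => '25'],
];

foreach ($samples as $get) {
    [$clean, $errors] = validate_query($get);
    echo $errors
        ? 'Rejected: ' . e(implode('; ', $errors)) . PHP_EOL
        : 'Ciao, ' . e($clean['nome']) . ' (' . $clean['eta'] . ')' . PHP_EOL;
}
```

Only the first sample is accepted; the other three are rejected before any value reaches the output.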

Difference between $_GET and $_POST.

While $_GET retrieves data from the query string in the URL, $_POST retrieves data sent via the POST method. The POST method is generally used when large amounts of data or sensitive data (e.g., passwords) must be sent, since the data is not visible in the URL.

Considerations

  • Data size: Since $_GET data is passed in the URL, there is a limit to the amount of data that can be transmitted.
  • Visibility: Data sent with $_GET is visible in the URL and can be easily bookmarked or shared, making it suitable for non-sensitive information.

In summary, $_GET is a powerful and useful tool for handling query string parameters in PHP, but it requires care to ensure security and data integrity.
