Home

superglobals

In PHP, superglobals are a set of built-in variables that are automatically available in every scope throughout a script. They do not require global declarations to be accessed, and they are provided by the PHP runtime. Superglobals are typically arrays or special variables, and they contrast with user-defined globals because they are always accessible without explicit propagation.

The most commonly used superglobals include:

- $_GET and $_POST, which contain query string and form data sent by the client.

- $_REQUEST, which merges data from $_GET, $_POST, and $_COOKIE.

- $_COOKIE, which stores cookies sent by the client.

- $_FILES, which contains information about uploaded files.

- $_SERVER, which provides server and execution environment information (request method, script name, headers, etc.).

- $_ENV, which holds environment variables.

- $_SESSION, which stores session data (requires session_start()).

- $GLOBALS, a reference to all global variables in the script.

Usage typically involves indexing these arrays by a key, with checks for existence. For example, using

Security and best practices emphasize validating and sanitizing all user-supplied data obtained from these superglobals. Prefer

input
data
safely
can
look
like:
if
(isset($_GET['page']))
{
$page
=
(string)
$_GET['page'];
}
and
then
sanitizing
the
value
before
use.
Functions
like
htmlspecialchars
or
filter_input
provide
additional
protection.
When
handling
file
uploads,
$_FILES
contains
details
such
as
name,
type,
size,
and
temporary
path.
using
the
specific
superglobals
($_GET,
$_POST)
over
$_REQUEST
to
avoid
mixing
sources.
For
session
data,
always
start
the
session
with
session_start()
and
implement
proper
session
security
measures.