PHP Basics

Predefined Variables

A superglobal is a predefined variable that is always accessible, regardless of scope.

Forms

The purpose of the PHP superglobals $_GET and $_POST is to collect data that has been entered into a form. The example below shows a simple HTML form that includes two input fields and a submit button:

Name:

Age:

The action attribute specifies that when the form is submitted, the data is sent to a PHP file named first.php. HTML form elements have names, which will be used when accessing the data with PHP. The method attribute will be discussed in the next lesson. For now, we’ll set the value to “post”.

Now, when we have an HTML form with the action attribute set to our PHP file, we can access the posted form data using the $_POST associative array. In the first.php file:

Welcome

Your age:

The $_POST superglobal array holds key/value pairs. In the pairs, keys are the names of the form controls and values are the input data entered by the user.

GET

Information sent via a form using the GET method is visible to everyone (all variable names and values are displayed in the URL). GET also sets limits on the amount of information that can be sent – about 2000 characters. However, because the variables are displayed in the URL, it is possible to bookmark the page, which can be useful in some situations. For example:

Name:

Age:

actionGet.php

Now, the form is submitted to the actionGet.php, and you can see the submitted data in the URL:

SESSIONS

Using a session, you can store information in variables, to be used across multiple pages. Information is not stored on the user’s computer, as it is with cookies. By default, session variables last until the user closes the browser.

Start a PHP Session

A session is started using the session_start() function. Use the PHP global $_SESSION to set session variables.

Now, the color and name session variables are accessible on multiple pages, throughout the entire session. The session_start() function must be the very first thing in your document, before any HTML tags.

Your session variables remain available in the $_SESSION superglobal until you close your session. All global session variables can be removed manually by using session_unset(). You can also destroy the session with session_destroy().

COOKIES

Cookies are often used to identify the user. A cookie is a small file that the server embeds on the user’s computer. Each time the same computer requests a page through a browser, it will send the cookie, too. With PHP, you can both create and retrieve cookie values. Create cookies using the setcookie() function:

setcookie(name, value, expire, path, domain, secure, httponly);

name: Specifies the cookie’s name.

value: Specifies the cookie’s value.

expire: Specifies (in seconds) when the cookie is to expire. The value time()+86400*30 will set the cookie to expire in 30 days. If this parameter is omitted or set to 0, the cookie will expire at the end of the session (when the browser closes). Default is 0.

path: Specifies the server path of the cookie. If set to “/”, the cookie will be available within the entire domain. If set to “/php/”, the cookie will only be available within the php directory and all sub-directories of php. The default value is the current directory in which the cookie is being set.

domain: Specifies the cookie’s domain name. To make the cookie available on all subdomains of example.com, set the domain to “example.com”.

secure: Specifies whether or not the cookie should only be transmitted over a secure, HTTPS connection. TRUE indicates that the cookie will only be set if a secure connection exists. Default is FALSE.

httponly: If set to TRUE, the cookie will be accessible only through the HTTP protocol (the cookie will not be accessible to scripting languages). Using httponly helps reduce identity theft using XSS attacks. Default is FALSE.

The name parameter is the only one that’s required. All of the other parameters are optional.

The following example creates a cookie named “user” with the value “John”. The cookie will expire after 30 days, which is written as 86,400 * 30, in which 86,400 seconds = one day. The ‘/’ means that the cookie is available throughout the entire website. We then retrieve the value of the cookie “user” (using the global variable $_COOKIE). We also use the isset() function to find out if the cookie is set:

The setcookie() function must appear BEFORE the <html> tag. The value of the cookie is automatically encoded when the cookie is sent, and is automatically decoded when it’s received. Nevertheless, NEVER store sensitive information in cookies.
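The “user” cookie described above, set with the secure and httponly flags turned on and checked again when it comes back from the browser. This is an added example, not code from the original article: userCookieOptions(), readUserCookie(), the samesite setting and the sample inputs are assumptions introduced here, and the options-array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example: harden the "user" cookie and treat its value as untrusted input.

/** Options for a 30-day, site-wide cookie (hypothetical helper). */
function userCookieOptions(): array
{
    return [
        'expires'  => time() + 86400 * 30, // 30 days, as in the text
        'path'     => '/',                 // available on the entire website
        'secure'   => true,                // only transmitted over HTTPS
        'httponly' => true,                // not accessible to scripting languages
        'samesite' => 'Lax',               // assumption: not covered by the text
    ];
}

/**
 * Return the cookie value only if it looks like a display name
 * (hypothetical helper). The browser can send anything it likes,
 * including an array (user[]=...), so validate before use.
 */
function readUserCookie(array $cookies): ?string
{
    if (!isset($cookies['user']) || !is_string($cookies['user'])) {
        return null;
    }
    $value = $cookies['user'];
    return preg_match('/^[A-Za-z][A-Za-z \'-]{0,49}$/', $value) === 1 ? $value : null;
}

// Must run before any output is sent.
setcookie('user', 'John', userCookieOptions());

// Constructed sample inputs standing in for $_COOKIE on later requests.
$samples = [
    ['user' => 'John'],          // value the server set
    ['user' => '<b>John</b>'],   // value edited in the browser
    ['user' => ['John']],        // array instead of a string
    [],                          // cookie not set
];

foreach ($samples as $cookies) {
    $user = readUserCookie($cookies);
    echo $user === null
        ? "Cookie 'user' is not set or not valid\n"
        : 'Welcome ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . "\n";
}
```

With secure set to TRUE the cookie is only sent when the page is served over HTTPS, so the first sample will not come back on a plain HTTP test server.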
