Superglobals: Documented $_ GET/POST/COOKIE/REQUEST/SERVER/ENV/SESSION

TODO: Maybe list them seperatly during restructure, seems like everything is documented twice now (sorry) :) Documented $HTTP_SESSION_VARS Added a link to security chapter on register_globals git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@67652 c90b9560-bf6c-de11-be94-00142212c4b1
2025-03-16 00:48:54 +00:00 · 2002-01-12 23:20:53 +00:00 · 2002-01-12 23:20:53 +00:00 · dc29c6305e
commit dc29c6305e
parent 163bd89bad
1 changed files with 101 additions and 9 deletions
--- a/language/variables.xml
+++ b/language/variables.xml
@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.26 $ -->
+<!-- $Revision: 1.27 $ -->
 <chapter id="language.variables">
  <title>Variables</title>
  
@ -454,19 +454,22 @@ $bar = &test();    // Invalid.
     </para>
    </note>

+    <note>
+     <para>
+      The new "Superglobals" were added in PHP version 4.1.0. 
+      See the <ulink url="&url.php.release4.1.0;">4.1.0 Release 
+      Announcement</ulink> for more details.
+     </para>
+    </note>
+
    <para>
     If the <link
     linkend="ini.register-globals">register_globals</link> directive
     is set, then these variables will also be made available in the
     global scope of the script; i.e., separate from the
-     <varname>$HTTP_*_VARS</varname> arrays. This feature should be
-     used with care, and turned off if possible; while the
-     <varname>$HTTP_*_VARS</varname> variables are safe, the bare
-     global equivalents can be overwritten by user input, with
-     possibly malicious intent. If you cannot turn off <link
-     linkend="ini.register-globals">register_globals</link>, you must
-     take whatever steps are necessary to ensure that the data you are
-     using is safe.
+     <varname>$HTTP_*_VARS</varname> and <varname>$_*</varname> 
+     arrays.  For related information, see the security chapter titled 
+     <link linkend="security.registerglobals">Using Register Globals</link>.
    </para>
    
    <para>
@ -513,6 +516,16 @@ $bar = &test();    // Invalid.
        </simpara>
       </listitem>
      </varlistentry>
+
+      <varlistentry>
+       <term>$_COOKIE</term>
+       <listitem>
+        <simpara>
+         An associative array of variables passed to the current
+         script via HTTP cookies.  Automatically global in any scope. 
+        </simpara>
+       </listitem>
+      </varlistentry>
      
      <varlistentry>
       <term>$HTTP_GET_VARS</term>
@ -523,6 +536,17 @@ $bar = &test();    // Invalid.
        </simpara>
       </listitem>
      </varlistentry>
+
+      <varlistentry>
+       <term>$_GET</term>
+       <listitem>
+        <simpara>
+         An associative array of variables passed to the current
+         script via the HTTP GET method.  Automatically global in 
+         any scope.
+        </simpara>
+       </listitem>
+      </varlistentry>
      
      <varlistentry>
       <term>$HTTP_POST_VARS</term>
@ -533,6 +557,17 @@ $bar = &test();    // Invalid.
        </simpara>
       </listitem>
      </varlistentry>
+
+      <varlistentry>
+       <term>$_POST</term>
+       <listitem>
+        <simpara>
+         An associative array of variables passed to the current
+         script via the HTTP POST method.  Automatically global in 
+         any scope.
+        </simpara>
+       </listitem>
+      </varlistentry>
    
      <varlistentry>
       <term>$HTTP_POST_FILES</term>
@ -561,6 +596,17 @@ $bar = &test();    // Invalid.
       </listitem>
      </varlistentry>

+    <varlistentry>
+       <term>$_ENV</term>
+       <listitem>
+        <simpara>
+         An associative array of variables passed to the current
+         script via the parent environment.  Automagically global 
+         in any scope.
+        </simpara>
+       </listitem>
+      </varlistentry>
+
    <varlistentry>
       <term>$HTTP_SERVER_VARS</term>
       <listitem>
@ -571,6 +617,52 @@ $bar = &test();    // Invalid.
        </simpara>
       </listitem>
      </varlistentry>
+
+    <varlistentry>
+       <term>$_SERVER</term>
+       <listitem>
+        <simpara>
+         An associative array of variables passed to the current
+         script from the HTTP server. These variables are analogous to
+         the Apache variables described above.  Automatically global 
+         in any scope.
+        </simpara>
+       </listitem>
+       </varlistentry>
+
+    <varlistentry>
+       <term>$HTTP_SESSION_VARS</term>
+       <listitem>
+        <simpara>
+         An associative array of session variables passed to the current
+         script.
+        </simpara>
+       </listitem>
+      </varlistentry>
+
+    <varlistentry>
+       <term>$_SESSION</term>
+       <listitem>
+        <simpara>
+         An associative array of session variables passed to the current
+         script.  Automatically global in any scope.  Creating new entries 
+         in the $_SESSION array will automatically register them as session 
+         variables, as if you called <function>session_register</function>.
+        </simpara>
+       </listitem>
+      </varlistentry>
+
+    <varlistentry>
+       <term>$_REQUEST</term>
+       <listitem>
+        <simpara>
+         An associative array merged from the GET, POST, and Cookie variables.          In other words - all the information that is coming from the user, 
+         and that from a security point of view, cannot be trusted.
+         Automatically global in any scope.
+        </simpara>
+       </listitem>
+      </varlistentry>
+
     </variablelist>
    </para>