From dc29c6305ec2ac3e1e5a544b3932ebf59474bcea Mon Sep 17 00:00:00 2001 From: Philip Olson Date: Sat, 12 Jan 2002 23:20:53 +0000 Subject: [PATCH] Superglobals: Documented $_ GET/POST/COOKIE/REQUEST/SERVER/ENV/SESSION TODO: Maybe list them seperatly during restructure, seems like everything is documented twice now (sorry) :) Documented $HTTP_SESSION_VARS Added a link to security chapter on register_globals git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@67652 c90b9560-bf6c-de11-be94-00142212c4b1 --- language/variables.xml | 110 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 101 insertions(+), 9 deletions(-) diff --git a/language/variables.xml b/language/variables.xml index 55a2b5b6eb..856870e741 100644 --- a/language/variables.xml +++ b/language/variables.xml @@ -1,5 +1,5 @@ - + Variables @@ -454,19 +454,22 @@ $bar = &test(); // Invalid. + + + The new "Superglobals" were added in PHP version 4.1.0. + See the 4.1.0 Release + Announcement for more details. + + + If the register_globals directive is set, then these variables will also be made available in the global scope of the script; i.e., separate from the - $HTTP_*_VARS arrays. This feature should be - used with care, and turned off if possible; while the - $HTTP_*_VARS variables are safe, the bare - global equivalents can be overwritten by user input, with - possibly malicious intent. If you cannot turn off register_globals, you must - take whatever steps are necessary to ensure that the data you are - using is safe. + $HTTP_*_VARS and $_* + arrays. For related information, see the security chapter titled + Using Register Globals. @@ -513,6 +516,16 @@ $bar = &test(); // Invalid. + + + $_COOKIE + + + An associative array of variables passed to the current + script via HTTP cookies. Automatically global in any scope. + + + $HTTP_GET_VARS @@ -523,6 +536,17 @@ $bar = &test(); // Invalid. + + + $_GET + + + An associative array of variables passed to the current + script via the HTTP GET method. Automatically global in + any scope. + + + $HTTP_POST_VARS @@ -533,6 +557,17 @@ $bar = &test(); // Invalid. + + + $_POST + + + An associative array of variables passed to the current + script via the HTTP POST method. Automatically global in + any scope. + + + $HTTP_POST_FILES @@ -561,6 +596,17 @@ $bar = &test(); // Invalid. + + $_ENV + + + An associative array of variables passed to the current + script via the parent environment. Automagically global + in any scope. + + + + $HTTP_SERVER_VARS @@ -571,6 +617,52 @@ $bar = &test(); // Invalid. + + + $_SERVER + + + An associative array of variables passed to the current + script from the HTTP server. These variables are analogous to + the Apache variables described above. Automatically global + in any scope. + + + + + + $HTTP_SESSION_VARS + + + An associative array of session variables passed to the current + script. + + + + + + $_SESSION + + + An associative array of session variables passed to the current + script. Automatically global in any scope. Creating new entries + in the $_SESSION array will automatically register them as session + variables, as if you called session_register. + + + + + + $_REQUEST + + + An associative array merged from the GET, POST, and Cookie variables. In other words - all the information that is coming from the user, + and that from a security point of view, cannot be trusted. + Automatically global in any scope. + + + +