Warning When Using Superglobal Variables

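Attackers often use these to try to inject code, because much of what they hold ($_GET, $_POST, $_COOKIE, and request headers in $_SERVER such as HTTP_REFERER) is supplied by the client. When accessing superglobal variables, ensure you sanitise them for the place the value will be used. For example, for a value that will be output in an HTML page: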


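  //htmlentities() converts characters like < > " ' & into HTML entities such as &lt; so they become harmless when output in HTML.
  $CameFromPage = htmlentities($_SERVER['HTTP_REFERER'] ?? '', ENT_QUOTES, 'UTF-8');    //?? '' covers a request that sends no Referer header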
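
An added example (not part of the original notes) that goes one step beyond the line above: first validate a superglobal value against what you expect, then escape it for the HTML context at output time. The function names, the `www.example.com` host and the sample arrays standing in for $_SERVER and $_GET are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Escape for an HTML text or attribute context only (not SQL, shell or JavaScript).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the Referer only if it is an http(s) URL on the expected host, else a fixed default.
// $server stands in for $_SERVER; $allowedHost is an assumed site hostname.
function safeReferer(array $server, string $allowedHost, string $default = '/'): string
{
    $raw = $server['HTTP_REFERER'] ?? '';
    if (!is_string($raw) || filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return $default;
    }
    $parts  = parse_url($raw) ?: [];
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || $host !== strtolower($allowedHost)) {
        return $default;
    }
    return $raw;
}

// Read an integer parameter within a range; null when missing, not a whole number,
// an array, or out of range. $query stands in for $_GET.
function intParam(array $query, string $name, int $min, int $max): ?int
{
    $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

// Constructed sample input standing in for a real request.
$server = ['HTTP_REFERER' => 'https://www.example.com/list.php?q="><b>x</b>'];
$query  = ['page' => '3', 'id' => '12abc'];

$back = safeReferer($server, 'www.example.com');
echo '<a href="' . e($back) . '">Back</a>', PHP_EOL;   // validated, then escaped at output
var_dump(intParam($query, 'page', 1, 500));            // a well-formed value
var_dump(intParam($query, 'id', 1, PHP_INT_MAX));      // rejected rather than cast to 12
```

Escaping belongs at the point of output and depends on the destination: the `e()` helper is only correct for HTML, and a value going into a database query needs a prepared statement instead.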

Superglobal Variables

Always available in all scopes

$GLOBALS

References all variables available in global scope

$_SERVER

Server and execution environment information

$_GET

HTTP GET variables

$_POST

HTTP POST variables

$_FILES

HTTP File Upload variables

$_REQUEST

HTTP Request variables

$_SESSION

Session variables

$_ENV

Environment variables

$_COOKIE

HTTP Cookies

$php_errormsg

The previous error message

$HTTP_RAW_POST_DATA

Raw POST data

$http_response_header

HTTP response headers

$argc

The number of arguments passed to script

$argv

Array of arguments passed to script

Full descriptions
