Understanding Superglobal Variable in PHP: A Comprehensive Guide

PHP is a powerful scripting language, and one of its most helpful features is superglobals. These are built-in variables that can be accessed from anywhere in your code, without the need to pass them around. Superglobals make it easier to handle data, especially in web development. In this guide, we will break down everything you need to know about PHP superglobals, explaining each one in detail with simple examples. Let’s dive in!

What Are PHP Superglobals?

Superglobals are special PHP variables that are always accessible, regardless of the scope. You don’t need to declare them or pass them to functions. These variables are automatically available and make handling data, such as user input or server information, much easier.

Think of superglobals as magic boxes that hold important information. Each box has a specific purpose, like storing form data, session details, or information about the server. By understanding what each box does, you can unlock powerful ways to build your PHP applications.

List of PHP Superglobals

• $_GET
• $_POST
• $_REQUEST
• $_SESSION
• $_COOKIE
• $_FILES
• $_SERVER
• $GLOBALS
• $_ENV

Let’s explore each one step by step.

1. $_GET: Retrieving Data from URLs

The $_GET superglobal is used to collect data sent through the URL. For example, when you visit a URL like example.com?name=John, the data name=John is passed to your PHP script through $_GET.

Example:

<?php
if (isset($_GET['name'])) {
    $name = $_GET['name'];
    echo "Hello, $name!";
} else {
    echo "Name is not provided!";
}
?>

How It Works:

• When a user visits example.com?name=John, the script above will display: Hello, John!
• If no name is provided, it will show: Name is not provided!

🔹 Real-Life Use Case: Imagine you are running an online store. You can use $_GET to show product details when a user clicks on a product link, such as product.php?id=101.

⚠ Important Note: Never trust user input directly. Always sanitize data from $_GET to avoid security risks like SQL injection.

2. $_POST: Collecting Form Data

The $_POST superglobal is used to handle data sent from HTML forms using the POST method. This is commonly used for sensitive data like passwords or personal information.

Example:

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = htmlspecialchars($_POST['username']);
    echo "Welcome, $username!";
}
?>

Why Use $_POST?

• Unlike $_GET, the data sent through $_POST is not visible in the URL.
• This makes it more secure for transmitting sensitive information.

3. $_REQUEST: Combining GET and POST Data

The $_REQUEST superglobal is a combination of $_GET, $_POST, and $_COOKIE. It collects data from all three sources.

Example:

<?php
if (isset($_REQUEST['data'])) {
    $data = $_REQUEST['data'];
    echo "You entered: $data";
} else {
    echo "No data received.";
}
?>

⚠ Important Note: While $_REQUEST is convenient, it can make your code less secure. Always know where your data is coming from and prefer $_GET or $_POST for better control.

4. $_SESSION: Storing User Data

The $_SESSION superglobal is used to store data across multiple pages. Sessions are stored on the server, and they last until the browser is closed (by default) or the session is manually destroyed.

Example:

<?php
session_start(); // Start the session
$_SESSION['user'] = "John";
echo "Session data saved!";
?>

In another file:

<?php
session_start(); // Resume the session
if (isset($_SESSION['user'])) {
    echo "Welcome back, {$_SESSION['user']}!";
} else {
    echo "No session found.";
}
?>

🔹 Real-Life Use Case: Sessions are commonly used to maintain login states for users.

5. $_COOKIE: Remembering Data Across Visits

Cookies are small pieces of data stored on the user's browser. The $_COOKIE superglobal allows you to retrieve this data in PHP.

Example:

<?php
setcookie("user", "John", time() + (86400 * 7), "/"); // Expires in 7 days
echo "Cookie set!";
?>

To retrieve the cookie:

<?php
if (isset($_COOKIE['user'])) {
    echo "Welcome back, {$_COOKIE['user']}!";
} else {
    echo "No cookie found.";
}
?>

6. $_FILES: Handling File Uploads

The $_FILES superglobal is used to upload files from an HTML form.

7. $_SERVER: Getting Server Information

The $_SERVER superglobal contains information about the server and the current request.

8. $GLOBALS: Accessing Global Variables

The $GLOBALS superglobal allows you to access global variables from anywhere in your script.

9. $_ENV: Accessing Environment Variables

The $_ENV superglobal allows access to environment variables set in the server or system.

Example:

<?php
echo "Server Environment: " . $_ENV['PATH'];
?>

🔹 Use Case: $_ENV is useful for storing configuration values like database credentials, API keys, and system paths.

⚠ Important Note: Many modern servers disable $_ENV for security reasons. Use getenv() as an alternative.

---

📢 This article was originally published at DevSolx for an in-depth understanding of PHP superglobals.

Comments

[david duymelinck]

What about $_ENV?

Also $_GLOBALS doesn't exist. It is $GLOBALS.

Because most superglobals are related to the request, most php solutions use the Symfony http foundation component to give them more context.

[Manan Raj]

Thanks for catching that! $_GLOBALS was a typo, and I've corrected it to $GLOBALS. I've also added $_ENV for completeness. Appreciate your keen eye and valuable input!