When a PHP program begins executing, the PHP engine has already done a considerable amount of work. If the script is executing in response to a request to a web server, then the user request has been parsed by the web server and passed on to PHP. PHP uses the information in the request to work out which script file to execute, but it also uses it to set up a number of variables. These variables will be available during script execution and contain data relating to the request. PHP also creates other variables that contain information about the server environment and the system on which the script is executing.
Note |
PHP has configuration directives which affect the way the environment variables are registered. The php.ini directive, register_globals, needs to be set to on for PHP to create separate variables for all of these things. Otherwise, you will have to access them through several global arrays which PHP creates. Prior to PHP 4.0.3 there was a directive called track_vars, which allowed you to stop PHP from registering these arrays as well. In current versions of PHP, this functionality is always enabled, so we will assume it is turned on here. |
PHP builds up this body of variables from a number of sources. The order is configurable in php.ini, but the default is as follows.
First PHP 4 takes the variables from the system environment, and (if register_globals is enabled) creates variables with the same names and values in the PHP script environment. It also puts them into the associative array called $HTTP_ENV_VARS. These variables will be system-dependent, and vary from machine to machine. You can see the defaults by typing set at a Windows command prompt, or env on a UNIX machine.
Secondly, PHP creates a group that is known as the GET variables (although they aren't necessarily only created by GET requests). They are created by PHP analyzing the query string (which is stored in $QUERY_STRING). The query string is the information following the ? in the URL the client requested.
PHP splits the query string into separate elements by looking for & characters, and then examines each element, looking for an = character. If it is able to, it takes the characters to the left of the equals character, and, if register_globals is on, creates a variable with that name (subject to PHP's variable naming rules).
PHP then takes the characters to the right of the equals sign, and puts them into the variable. The same name-value pairs are inserted into the associative array $HTTP_GET_VARS. Let's look at this in action.
Consider the following HTML form:
<form action="http://localhost/ProPHP4/Chapter03/test.php" method="get"> fruit: <input type="text" name="fruit" /><br> vegetable: <input type="text" name="vegetable" /><br> <input type="submit" /> </form>
The generated request could be:
http://localhost/ProPHP4/Chapter03/test.php?fruit=banana&vegetable=broccoli. The query string is everything to the right of the ?. PHP divides it, using the ampersand character, and then creates variables as follows:
$fruit = "banana"; $vegetable = "broccoli";
Certain characters aren't allowed in URLs, so they have to be encoded. Spaces can be encoded as plus characters and any character can be encoded by using a percentage sign, followed by a two-digit hex number representing its ASCII code.
POST variables are never present unless the request to the page was a POST request. Since it is possible for a POST request to also feature a query string, it is, paradoxically, possible to have both POST and GET variables included within one page request.
POST requests include data from HTML forms in the request body, encoded as name-value pairs, much like the query string we saw before. However, because they are included in the request body, it is possible to handle larger pieces of data. Simply changing the form's method attribute to post, above, will create a form, which, instead of appending its request data to the query string, includes it in the body of a POST request.
PHP interprets the data in the same way as it did the query string, obtaining the names and values and creating the appropriate variables. It also puts them into the $HTTP_POST_VARS array.
Next PHP looks to see if the browser included a Cookie: header with its request. We'll look at cookies again in Chapter 8, but briefly, they are name-value pairs which a web site can send to a browser by setting the Set-cookie: header on an HTTP response.
The browser then, if it has cookies enabled, sends the exact same name-value pairs back to the server with every subsequent request, in the Cookie: header. PHP extracts these name-value pairs, and again, puts them into an array called $HTTP_COOKIE_VARS.
Finally, PHP will create the standard CGI environment variables, which represent various pieces of information about the request that led to the program being executed. These include:
Variable |
Significance |
---|---|
$DOCUMENT_ROOT |
The local filesystem path to the directory containing the script |
$REMOTE_ADDR |
The IP address of the computer which requested the page |
$REMOTE_PORT |
The port on which the computer which requested the page is listening for a response |
$SCRIPT_FILENAME |
The local file system path to the PHP executable |
$SERVER_ADDR |
The IP address of the machine on which the web server is running |
$SERVER_NAME |
The host name of the server on which the web server is running |
$SERVER_PORT | |
$SERVER_PROTOCOL |
The HTTP version with which the server and client are communicating |
$REQUEST_METHOD |
The HTTP method the client used to request the page (GET or POST) |
$QUERY_STRING |
The part of the URL the client requested after the ?, if present |
$REQUEST_URI |
The part of the URL the client requested after the hostname and port of the web server |
$PHP_SELF |
The path that the client should append to the server name to request the same page again |
If register_globals is not enabled, you will have to use the array $HTTP_SERVER_VARS to access these values.
In addition to these, all of the headers which accompanied the client request are made available as variables beginning $HTTP_, by taking the name of the HTTP header, converting it to upper case, and converting any hyphen characters to underscores. Some common HTTP headers are as follows:
HTTP Header |
Variable |
Significance |
---|---|---|
Host: |
$HTTP_HOST |
The name of the host the client thinks it is connecting to (this may not be the same as the $SERVER_NAME variable if the web server has multiple names) |
User-agent: |
$HTTP_USER_AGENT |
A string provided by the client's web browser which can be used to identify which type of browser it is |
Accept: |
$HTTP_ACCEPT |
A list of MIME types of file types that the client's browser can handle |
Accept-language: |
$HTTP_ACCEPT_LANGUAGE |
A list of two-letter language codes explaining the client's preferred languages for content |
These variables may not always be available (they depend on the web server making them available to you). Again, they are also included in $HTTP_SERVER_VARS, and are not created when register_globals is disabled.