Warning When Using Superglobal Variables

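Hackers often use these to try to inject code, because much of their content comes straight from the request and is controlled by the client. When accessing superglobal variables, ensure you sanitise them before use. E.g.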

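  $CameFromPage = htmlentities($_SERVER['HTTP_REFERER'] ?? '', ENT_QUOTES, 'UTF-8');    //htmlentities() converts characters like < > " ' & into HTML entities like &lt; so they become harmless when output in HTML. The ?? '' avoids a notice when the header is not sent.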
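
An added example (not part of the original notes) that extends the htmlentities() call above: entity encoding only makes a value safe as HTML text, so a Referer placed in a link also needs its scheme checked, and numeric parameters are better validated than escaped. The helper names e(), safe_back_link() and int_param() and the sample request values are assumptions constructed for illustration.

```php
<?php
// Constructed sample request data so the script runs from the CLI;
// on a real request PHP fills these superglobals itself.
$_SERVER['HTTP_REFERER'] = 'javascript:alert(1)';
$_GET = ['id' => '42abc', 'page' => '3', 'name' => '<b>Bob</b> & "co"'];

// Encode a value for output as HTML text or inside a quoted attribute.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the Referer only if it is a well-formed http(s) URL.
// Entity encoding alone would leave "javascript:..." intact in an href.
function safe_back_link(?string $referer, string $fallback = '/'): string
{
    $url = filter_var($referer ?? '', FILTER_VALIDATE_URL);
    if ($url === false) {
        return $fallback;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : $fallback;
}

// Read an integer parameter, rejecting anything that is not a whole
// number inside the allowed range (including arrays such as id[]=1).
function int_param(array $src, string $key, int $min, int $max): ?int
{
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

$back = safe_back_link($_SERVER['HTTP_REFERER'] ?? null);
$id   = int_param($_GET, 'id', 1, 1000000);   // '42abc' is rejected
$page = int_param($_GET, 'page', 1, 500);     // '3' is accepted
$name = is_string($_GET['name'] ?? null) ? $_GET['name'] : '';

echo '<a href="' . e($back) . '">Back</a>' . PHP_EOL;
echo '<p>Hello ' . e($name) . '</p>' . PHP_EOL;
echo 'id: ' . var_export($id, true) . ', page: ' . var_export($page, true) . PHP_EOL;
```

Values that go into a database query need a prepared statement with bound parameters; HTML encoding does nothing for that context.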

Superglobal Variables

Always available in all scopes.

$GLOBALS: References all variables available in global scope
$_SERVER: Server and execution environment information
$_GET: HTTP GET variables
$_POST: HTTP POST variables
$_FILES: HTTP File Upload variables
$_REQUEST: HTTP Request variables
$_SESSION: Session variables
$_ENV: Environment variables
$_COOKIE: HTTP Cookies
$php_errormsg: The previous error message
$HTTP_RAW_POST_DATA: Raw POST data
$http_response_header: HTTP response headers
$argc: The number of arguments passed to script
$argv: Array of arguments passed to script

Full descriptions
