Predefined variables

PHP provides a large number of predefined variables to any script which it runs. Many of these variables, however, cannot be fully documented as they are dependent upon which server is running, the version and setup of the server, and other factors. Some of these variables will not be available when PHP is run on the command-line.

Despite these factors, here is a list of predefined variables available under a stock installation of PHP 3 running as a module under a stock installation of Apache 1.3.6.

For a list of all predefined variables (and lots of other useful information), please see (and use) phpinfo().

Note: This list is neither exhaustive nor intended to be. It is simply a guideline as to what sorts of predefined variables you can expect to have access to in your script.

Apache variables

These variables are created by the Apache webserver. If you are running another webserver, there is no guarantee that it will provide the same variables; it may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the CGI 1.1 specification, so you should be able to expect those.

Note that few, if any, of these will be available (or indeed have any meaning) if running PHP on the command line.

$GATEWAY_INTERFACE

What revision of the CGI specification the server is using; i.e. 'CGI/1.1'.

$SERVER_NAME

The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host.

$SERVER_SOFTWARE

Server identification string, given in the headers when responding to requests.

$SERVER_PROTOCOL

Name and revision of the information protocol via which the page was requested; i.e. 'HTTP/1.0';

$REQUEST_METHOD

Which request method was used to access the page; i.e. 'GET', 'HEAD', 'POST', 'PUT'.

$QUERY_STRING

The query string, if any, via which the page was accessed.

$DOCUMENT_ROOT

The document root directory under which the current script is executing, as defined in the server's configuration file.

$HTTP_ACCEPT

Contents of the Accept: header from the current request, if there is one.

$HTTP_ACCEPT_CHARSET

Contents of the Accept-Charset: header from the current request, if there is one. Example: 'iso-8859-1,*,utf-8'.

$HTTP_ACCEPT_ENCODING

Contents of the Accept-Encoding: header from the current request, if there is one. Example: 'gzip'.

$HTTP_ACCEPT_LANGUAGE

Contents of the Accept-Language: header from the current request, if there is one. Example: 'en'.

$HTTP_CONNECTION

Contents of the Connection: header from the current request, if there is one. Example: 'Keep-Alive'.

$HTTP_HOST

Contents of the Host: header from the current request, if there is one.

$HTTP_REFERER

The address of the page (if any) which referred the browser to the current page. This is set by the user's browser; not all browsers will set this.

$HTTP_USER_AGENT

Contents of the User_Agent: header from the current request, if there is one. This is a string denoting the browser software being used to view the current page; i.e. Mozilla/4.5 [en] (X11; U; Linux 2.2.9 i586). Among other things, you can use this value with get_browser() to tailor your page's functionality to the capabilities of the user's browser.

$REMOTE_ADDR

The IP address from which the user is viewing the current page.

$REMOTE_PORT

The port being used on the user's machine to communicate with the web server.

$SCRIPT_FILENAME

The absolute pathname of the currently executing script.

$SERVER_ADMIN

The value given to the SERVER_ADMIN (for Apache) directive in the web server configuration file. If the script is running on a virtual host, this will be the value defined for that virtual host.

$SERVER_PORT

The port on the server machine being used by the web server for communication. For default setups, this will be '80'; using SSL, for instance, will change this to whatever your defined secure HTTP port is.

$SERVER_SIGNATURE

String containing the server version and virtual host name which are added to server-generated pages, if enabled.

$PATH_TRANSLATED

Filesystem- (not document root-) based path to the current script, after the server has done any virtual-to-real mapping.

$SCRIPT_NAME

Contains the current script's path. This is useful for pages which need to point to themselves.

$REQUEST_URI

The URI which was given in order to access this page; for instance, '/index.html'.

Environment variables

These variables are imported into PHP's global namespace from the environment under which the PHP parser is running. Many are provided by the shell under which PHP is running and different systems are likely running different kinds of shells, a definitive list is impossible. Please see your shell's documentation for a list of defined environment variables.

Other environment variables include the CGI variables, placed there regardless of whether PHP is running as a server module or CGI processor.

PHP variables

These variables are created by PHP itself. The $HTTP_*_VARS variables are available only if the track_vars configuration is turned on. When enabled, the variables are always set, even if they are empty arrays. This prevents a malicious user from spoofing these variables.

Note: As of PHP 4.0.3, track_vars is always turned on, regardless of the configuration file setting.

Note: The new "Superglobals" were added in PHP version 4.1.0. See the 4.1.0 Release Announcement for more details. These are the $_GET, $_POST, $_ENV, $_SERVER, $_COOKIE, $_REQUEST $_FILES, and $_SESSION arrays, and they are informally known as Superglobals since they are always available without regard to scope. These deprecate the older respective $HTTP_*_VARS arrays.

If the register_globals directive is set, then these variables will also be made available in the global scope of the script; i.e., separate from the $HTTP_*_VARS and $_* arrays. For related information, see the security chapter titled Using Register Globals.

$argv

Array of arguments passed to the script. When the script is run on the command line, this gives C-style access to the command line parameters. When called via the GET method, this will contain the query string.

$argc

Contains the number of command line parameters passed to the script (if run on the command line).

$PHP_SELF

The filename of the currently executing script, relative to the document root. If PHP is running as a command-line processor, this variable is not available. This variable will include path information if present (e.g. $PHP_SELF on this address: "http://example.com/test.php/foo.bar" would be "/test.php/foo.bar")

$HTTP_COOKIE_VARS

An associative array of variables passed to the current script via HTTP cookies.

$_COOKIE

An associative array of variables passed to the current script via HTTP cookies. Automatically global in any scope. Introduced in PHP 4.1.0.

$HTTP_GET_VARS

An associative array of variables passed to the current script via the HTTP GET method.

$_GET

An associative array of variables passed to the current script via the HTTP GET method. Automatically global in any scope. Introduced in PHP 4.1.0.

$HTTP_POST_VARS

An associative array of variables passed to the current script via the HTTP POST method.

$_POST

An associative array of variables passed to the current script via the HTTP POST method. Automatically global in any scope. Introduced in PHP 4.1.0.

$HTTP_POST_FILES

An associative array of variables containing information about files uploaded via the HTTP POST method. See POST method uploads for information on the contents of $HTTP_POST_FILES. Introduced in 4.0.0.

$_FILES

An associative array of variables containing information about files uploaded via the HTTP POST method. See POST method uploads for information on the contents of $_FILES. Automatically global in any scope. Introduced in PHP 4.1.0.

$HTTP_ENV_VARS

An associative array of variables passed to the current script via the parent environment.

$_ENV

An associative array of variables passed to the current script via the parent environment. Automagically global in any scope. Introduced in PHP 4.1.0.

$HTTP_SERVER_VARS

An associative array of variables passed to the current script from the HTTP server. These variables are analogous to the Apache variables described above.

$_SERVER

An associative array of variables passed to the current script from the HTTP server. These variables are analogous to the Apache variables described above. Automatically global in any scope. Introduced in PHP 4.1.0.

$HTTP_SESSION_VARS

An associative array of session variables passed to the current script.

$_SESSION

An associative array of session variables passed to the current script. Automatically global in any scope. Creating new entries in the $_SESSION array will automatically register them as session variables, as if you called session_register(). Introduced in PHP 4.1.0.

$_REQUEST

An associative array merged from the GET, POST, and Cookie variables. In other words - all the information that is coming from the user, and that from a security point of view, cannot be trusted. Automatically global in any scope. Introduced in PHP 4.1.0.