<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Variables From External Sources</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="language.variables.variable.html">Variable variables</a></div> <div class="next" style="text-align: right; float: right;"><a href="language.constants.html">Constants</a></div> <div class="up"><a href="language.variables.html">Variables</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="language.variables.external" class="sect1"> <h2 class="title">Variables From External Sources</h2> <div class="sect2" id="language.variables.external.form"> <h3 class="title">HTML Forms (GET and POST)</h3> <p class="simpara"> When a form is submitted to a PHP script, the information from that form is automatically made available to the script. There are few ways to access this information, for example: </p> <p class="para"> <div class="example" id="example-86"> <p><strong>Example #1 A simple HTML form</strong></p> <div class="example-contents"> <div class="htmlcode"><pre class="htmlcode"><form action="foo.php" method="post"> Name: <input type="text" name="username" /><br /> Email: <input type="text" name="email" /><br /> <input type="submit" name="submit" value="Submit me!" /> </form></pre> </div> </div> </div> </p> <p class="para"> As of PHP 5.4.0, there are only two ways to access data from your HTML forms. Currently available methods are listed below: </p> <p class="para"> <div class="example" id="example-87"> <p><strong>Example #2 Accessing data from a simple POST HTML form</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br /></span><span style="color: #007700">echo </span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">'username'</span><span style="color: #007700">];<br />echo </span><span style="color: #0000BB">$_REQUEST</span><span style="color: #007700">[</span><span style="color: #DD0000">'username'</span><span style="color: #007700">];<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> </div> </p> <p class="para"> There were some other ways of accessing user input in old PHP versions. These are listed below. See changelog at the bottom of the page for more details. <div class="example" id="example-88"> <p><strong>Example #3 Old methods of accessing user input</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br /></span><span style="color: #FF8000">// WATCH OUT: these methods ARE NOT supported anymore.<br />// Valid ones were described above.<br /><br />// Using import_request_variables() - this function has been removed in PHP 5.4.0<br /> </span><span style="color: #0000BB">import_request_variables</span><span style="color: #007700">(</span><span style="color: #DD0000">'p'</span><span style="color: #007700">, </span><span style="color: #DD0000">'p_'</span><span style="color: #007700">);<br /> echo </span><span style="color: #0000BB">$p_username</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">// These long predefined variables were removed in PHP 5.4.0<br /> </span><span style="color: #007700">echo </span><span style="color: #0000BB">$HTTP_POST_VARS</span><span style="color: #007700">[</span><span style="color: #DD0000">'username'</span><span style="color: #007700">];<br /><br /></span><span style="color: #FF8000">// Using register_globals. This feature was removed in PHP 5.4.0<br /> </span><span style="color: #007700">echo </span><span style="color: #0000BB">$username</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> </div> </p> <p class="para"> Using a GET form is similar except you'll use the appropriate GET predefined variable instead. GET also applies to the <em>QUERY_STRING</em> (the information after the '?' in a URL). So, for example, <em>http://www.example.com/test.php?id=3</em> contains GET data which is accessible with <var class="varname"><var class="varname"><a href="reserved.variables.get.html" class="classname">$_GET['id']</a></var></var>. See also <var class="varname"><var class="varname"><a href="reserved.variables.request.html" class="classname">$_REQUEST</a></var></var>. </p> <blockquote class="note"><p><strong class="note">Note</strong>: <p class="para"> Dots and spaces in variable names are converted to underscores. For example <em><input name="a.b" /></em> becomes <em>$_REQUEST["a_b"]</em>. </p> </p></blockquote> <p class="simpara"> PHP also understands arrays in the context of form variables (see the <a href="faq.html.html" class="link">related faq</a>). You may, for example, group related variables together, or use this feature to retrieve values from a multiple select input. For example, let's post a form to itself and upon submission display the data: </p> <p class="para"> <div class="example" id="example-89"> <p><strong>Example #4 More complex form variables</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">$_POST</span><span style="color: #007700">) {<br /> echo </span><span style="color: #DD0000">'<pre>'</span><span style="color: #007700">;<br /> echo </span><span style="color: #0000BB">htmlspecialchars</span><span style="color: #007700">(</span><span style="color: #0000BB">print_r</span><span style="color: #007700">(</span><span style="color: #0000BB">$_POST</span><span style="color: #007700">, </span><span style="color: #0000BB">true</span><span style="color: #007700">));<br /> echo </span><span style="color: #DD0000">'</pre>'</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">?><br /></span><form action="" method="post"><br /> Name: <input type="text" name="personal[name]" /><br /><br /> Email: <input type="text" name="personal[email]" /><br /><br /> Beer: <br /><br /> <select multiple name="beer[]"><br /> <option value="warthog">Warthog</option><br /> <option value="guinness">Guinness</option><br /> <option value="stuttgarter">Stuttgarter Schwabenbräu</option><br /> </select><br /><br /> <input type="submit" value="submit me!" /><br /></form></span> </code></div> </div> </div> </p> <div class="sect3" id="language.variables.external.form.submit"> <h4 class="title">IMAGE SUBMIT variable names</h4> <p class="simpara"> When submitting a form, it is possible to use an image instead of the standard submit button with a tag like: </p> <div class="informalexample"> <div class="example-contents"> <div class="htmlcode"><pre class="htmlcode"><input type="image" src="image.gif" name="sub" /></pre> </div> </div> </div> <p class="simpara"> When the user clicks somewhere on the image, the accompanying form will be transmitted to the server with two additional variables, <var class="varname"><var class="varname">sub_x</var></var> and <var class="varname"><var class="varname">sub_y</var></var>. These contain the coordinates of the user click within the image. The experienced may note that the actual variable names sent by the browser contains a period rather than an underscore, but PHP converts the period to an underscore automatically. </p> </div> </div> <div class="sect2" id="language.variables.external.cookies"> <h3 class="title">HTTP Cookies</h3> <p class="simpara"> PHP transparently supports HTTP cookies as defined by <a href="http://www.faqs.org/rfcs/rfc6265" class="link external">» RFC 6265</a>. Cookies are a mechanism for storing data in the remote browser and thus tracking or identifying return users. You can set cookies using the <span class="function"><a href="function.setcookie.html" class="function">setcookie()</a></span> function. Cookies are part of the HTTP header, so the SetCookie function must be called before any output is sent to the browser. This is the same restriction as for the <span class="function"><a href="function.header.html" class="function">header()</a></span> function. Cookie data is then available in the appropriate cookie data arrays, such as <var class="varname"><var class="varname"><a href="reserved.variables.cookies.html" class="classname">$_COOKIE</a></var></var> as well as in <var class="varname"><var class="varname"><a href="reserved.variables.request.html" class="classname">$_REQUEST</a></var></var>. See the <span class="function"><a href="function.setcookie.html" class="function">setcookie()</a></span> manual page for more details and examples. </p> <p class="simpara"> If you wish to assign multiple values to a single cookie variable, you may assign it as an array. For example: </p> <div class="informalexample"> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br /> setcookie</span><span style="color: #007700">(</span><span style="color: #DD0000">"MyCookie[foo]"</span><span style="color: #007700">, </span><span style="color: #DD0000">'Testing 1'</span><span style="color: #007700">, </span><span style="color: #0000BB">time</span><span style="color: #007700">()+</span><span style="color: #0000BB">3600</span><span style="color: #007700">);<br /> </span><span style="color: #0000BB">setcookie</span><span style="color: #007700">(</span><span style="color: #DD0000">"MyCookie[bar]"</span><span style="color: #007700">, </span><span style="color: #DD0000">'Testing 2'</span><span style="color: #007700">, </span><span style="color: #0000BB">time</span><span style="color: #007700">()+</span><span style="color: #0000BB">3600</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> </div> <p class="simpara"> That will create two separate cookies although <var class="varname"><var class="varname">MyCookie</var></var> will now be a single array in your script. If you want to set just one cookie with multiple values, consider using <span class="function"><a href="function.serialize.html" class="function">serialize()</a></span> or <span class="function"><a href="function.explode.html" class="function">explode()</a></span> on the value first. </p> <p class="simpara"> Note that a cookie will replace a previous cookie by the same name in your browser unless the path or domain is different. So, for a shopping cart application you may want to keep a counter and pass this along. i.e. </p> <div class="example" id="example-90"> <p><strong>Example #5 A <span class="function"><a href="function.setcookie.html" class="function">setcookie()</a></span> example</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br /></span><span style="color: #007700">if (isset(</span><span style="color: #0000BB">$_COOKIE</span><span style="color: #007700">[</span><span style="color: #DD0000">'count'</span><span style="color: #007700">])) {<br /> </span><span style="color: #0000BB">$count </span><span style="color: #007700">= </span><span style="color: #0000BB">$_COOKIE</span><span style="color: #007700">[</span><span style="color: #DD0000">'count'</span><span style="color: #007700">] + </span><span style="color: #0000BB">1</span><span style="color: #007700">;<br />} else {<br /> </span><span style="color: #0000BB">$count </span><span style="color: #007700">= </span><span style="color: #0000BB">1</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">setcookie</span><span style="color: #007700">(</span><span style="color: #DD0000">'count'</span><span style="color: #007700">, </span><span style="color: #0000BB">$count</span><span style="color: #007700">, </span><span style="color: #0000BB">time</span><span style="color: #007700">()+</span><span style="color: #0000BB">3600</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">setcookie</span><span style="color: #007700">(</span><span style="color: #DD0000">"Cart[</span><span style="color: #0000BB">$count</span><span style="color: #DD0000">]"</span><span style="color: #007700">, </span><span style="color: #0000BB">$item</span><span style="color: #007700">, </span><span style="color: #0000BB">time</span><span style="color: #007700">()+</span><span style="color: #0000BB">3600</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> </div> </div> <div class="sect2" id="language.variables.external.dot-in-names"> <h3 class="title">Dots in incoming variable names</h3> <p class="para"> Typically, PHP does not alter the names of variables when they are passed into a script. However, it should be noted that the dot (period, full stop) is not a valid character in a PHP variable name. For the reason, look at it: <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br />$varname</span><span style="color: #007700">.</span><span style="color: #0000BB">ext</span><span style="color: #007700">; </span><span style="color: #FF8000">/* invalid variable name */<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> Now, what the parser sees is a variable named <var class="varname"><var class="varname">$varname</var></var>, followed by the string concatenation operator, followed by the barestring (i.e. unquoted string which doesn't match any known key or reserved words) 'ext'. Obviously, this doesn't have the intended result. </p> <p class="para"> For this reason, it is important to note that PHP will automatically replace any dots in incoming variable names with underscores. </p> </div> <div class="sect2" id="language.variables.determining-type-of"> <h3 class="title">Determining variable types</h3> <p class="para"> Because PHP determines the types of variables and converts them (generally) as needed, it is not always obvious what type a given variable is at any one time. PHP includes several functions which find out what type a variable is, such as: <span class="function"><a href="function.gettype.html" class="function">gettype()</a></span>, <span class="function"><a href="function.is-array.html" class="function">is_array()</a></span>, <span class="function"><a href="function.is-float.html" class="function">is_float()</a></span>, <span class="function"><a href="function.is-int.html" class="function">is_int()</a></span>, <span class="function"><a href="function.is-object.html" class="function">is_object()</a></span>, and <span class="function"><a href="function.is-string.html" class="function">is_string()</a></span>. See also the chapter on <a href="language.types.html" class="link">Types</a>. </p> <p class="para"> HTTP being a text protocol, most, if not all, content that comes in <a href="language.variables.superglobals.html" class="link">Superglobal arrays</a>, like <var class="varname"><var class="varname"><a href="reserved.variables.post.html" class="classname">$_POST</a></var></var> and <var class="varname"><var class="varname"><a href="reserved.variables.get.html" class="classname">$_GET</a></var></var> will remain as strings. PHP will not try to convert values to a specific type. In the example below, <var class="varname"><var class="varname"><a href="reserved.variables.get.html" class="classname">$_GET["var1"]</a></var></var> will contain the string "null" and <var class="varname"><var class="varname"><a href="reserved.variables.get.html" class="classname">$_GET["var2"]</a></var></var>, the string "123". <div class="example-contents"> <div class="cdata"><pre> /index.php?var1=null&var2=123 </pre></div> </div> </p> </div> <div class="sect2" id="language.variables.external.changelog"> <h3 class="title">Changelog</h3> <p class="para"> <table class="doctable informaltable"> <thead> <tr> <th>Version</th> <th>Description</th> </tr> </thead> <tbody class="tbody"> <tr> <td>5.4.0</td> <td> <a href="security.globals.html" class="link">Register Globals</a>, <a href="security.magicquotes.html" class="link">Magic Quotes</a> and <a href="ini.core.html#ini.register-long-arrays" class="link">register_long_arrays</a> has been removed </td> </tr> <tr> <td>5.3.0</td> <td> <a href="security.globals.html" class="link">Register Globals</a>, <a href="security.magicquotes.html" class="link">Magic Quotes</a> and <a href="ini.core.html#ini.register-long-arrays" class="link">register_long_arrays</a> became deprecated </td> </tr> <tr> <td>4.2.0</td> <td> <a href="ini.core.html#ini.register-globals" class="link">register_globals</a> directive defaults to <em class="emphasis">off</em>. </td> </tr> <tr> <td>4.1.0</td> <td> <a href="language.variables.superglobals.html" class="link">Superglobal arrays</a>, like <var class="varname"><var class="varname"><a href="reserved.variables.post.html" class="classname">$_POST</a></var></var> and <var class="varname"><var class="varname"><a href="reserved.variables.get.html" class="classname">$_GET</a></var></var> became available </td> </tr> </tbody> </table> </p> </div> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="language.variables.variable.html">Variable variables</a></div> <div class="next" style="text-align: right; float: right;"><a href="language.constants.html">Constants</a></div> <div class="up"><a href="language.variables.html">Variables</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>