My PHP journey part 6.

Okay, so it's been a while since I've last posted. The truth is, firstly, I've been trying to get around all of this and secondly, I've been trying to figure out what I want to do with this PHP knowledge. Now, I know it'll be totally, amazingly cool to look at a PHP script and just think "yep, I know what that's doing", because most people will look at it and have no idea what's going on.

Now at this stage, just over half way through the ten-week course, I can say that I can look at a script and know what's what. But then again, I am looking at someone else's logic, so to try and work out what it's doing would be a total and utter nightmare. This is how I see it so far. So what do I want to do next?

Well, seeing as most of my work is WordPress based, I would like to start building my own WordPress themes. Plus I think I would have fun with the CSS aspect of it: the best of both worlds. Anyway, that's that for now. Today we're going to tackle…

Superglobals

What are superglobals?

They sound pretty cool, right? Wrong, they're really quite complicated. But to try and explain what they're all about, I am going to use the following analogy, and hope that the hardcore coders who may be reading this applaud it. Imagine the world is a matrix, just like the film, and everything in it is either a variable, an array or some other kind of data type. If that's the case, then the superglobals are the agents.

They're not necessarily keeping things in check, but they can go where ordinary PHP variables can't: a superglobal is a built-in array that is available in every scope, inside functions and included files too, without a global declaration, and most of them are filled straight from the incoming HTTP request. This means that, just like in the movie, they're not to be trusted until they've been validated. The superglobals consist of…

  • $_GET contains variables sent via an HTTP GET request, ie as a query string in the URL.
  • $_POST contains variables from an HTTP POST request, eg a form submitted with method="post".
  • $_COOKIE contains the cookies the browser sent with the request (the name is singular: there is no $_COOKIES). Cookies live on the user's machine, so their values are as untrusted as anything else the client sends.
  • $_FILES contains details of files sent via an HTTP POST upload. The name and type entries are supplied by the client; only tmp_name, size and error come from PHP itself.
  • $_SESSION contains the session data stored server-side (of course). The session is picked out per visitor by a session ID, normally carried in a cookie: the data is yours to trust, the ID that selects it is not.
  • $_SERVER contains variables about the server and the current request, including every request header under an HTTP_ key (HTTP_HOST, HTTP_REFERER, HTTP_USER_AGENT, HTTP_X_FORWARDED_FOR and so on), so a good part of it can be spoofed by the client.
  • $_ENV contains variables set by the system or shell in which PHP is running.
  • $_REQUEST is a merge of $_GET, $_POST and $_COOKIE. Which of the three are included, and which one wins when the same key appears in several, depends on the request_order setting in php.ini (php.ini-production ships with "GP", so cookies are left out and POST beats GET), which makes it a poor choice whenever it matters where a value came from.
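To see the list above in action, here is an added example page (not code from the original post or from the course). Save it as superglobals.php, start PHP's built-in web server in that directory and send it one request carrying a query string, a POST body, a cookie and two client-chosen headers. The file name, the id/name keys and the header values are made up for the demo.

```php
<?php
// Added example (not from the original post): which superglobal does each
// piece of request data land in? Run from the directory holding this file:
//
//   php -S 127.0.0.1:8080
//   curl -s 'http://127.0.0.1:8080/superglobals.php?id=7' \
//        -d 'id=99&name=Alice' \
//        -b 'id=cookie-value' \
//        -H 'X-Forwarded-For: 10.0.0.1' -H 'Referer: http://evil.example/'
//
// Port, keys and header values are invented for the demo.
declare(strict_types=1);

header('Content-Type: text/plain');

echo "GET:     ", json_encode($_GET), "\n";     // {"id":"7"}
echo "POST:    ", json_encode($_POST), "\n";    // {"id":"99","name":"Alice"}
echo "COOKIE:  ", json_encode($_COOKIE), "\n";  // {"id":"cookie-value"}

// $_REQUEST merges the three. Which sources are included and which one wins
// for a duplicate key such as "id" is decided by request_order (falling back
// to variables_order when request_order is empty), so the same script can
// behave differently on two servers. Print the setting next to the result.
echo "REQUEST: ", json_encode($_REQUEST), "\n";
echo "request_order = ", var_export(ini_get('request_order'), true), "\n";

// $_SERVER mixes facts PHP and the TCP connection establish with request
// headers copied in under HTTP_* keys. Everything in the second group was
// typed by the client and can say whatever the client wants.
$serverSide = ['REMOTE_ADDR', 'SERVER_NAME', 'REQUEST_METHOD', 'SCRIPT_NAME'];
$clientSide = ['HTTP_HOST', 'HTTP_REFERER', 'HTTP_USER_AGENT', 'HTTP_X_FORWARDED_FOR'];

echo "\nSet by the server / connection:\n";
foreach ($serverSide as $k) {
    printf("  %-22s %s\n", $k, $_SERVER[$k] ?? '(unset)');
}

echo "\nCopied from client-controlled request headers (spoofable):\n";
foreach ($clientSide as $k) {
    printf("  %-22s %s\n", $k, $_SERVER[$k] ?? '(unset)');
}
```

The point of the second half is that REMOTE_ADDR is the address the connection really came from, while HTTP_X_FORWARDED_FOR is just a header the client (or curl, here) chose to send; a script that logs or authorises on the latter is trusting the agent.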

This is copied and pasted from our course notes, explaining why we need to validate our superglobals.


In starting to use superglobals, we're moving away from just learning PHP syntax and starting to look at actual web problems, which is what PHP was made for. Many superglobals accept user-supplied data, which is always potentially dangerous: random stuff typed on the URL by curious users, malicious file uploads, SQL injection code typed in forms, etc. So we shouldn't ever use it without validating: we have to start thinking defensively about our code. Is the supplied data the right data type? Is it blank when it shouldn't be?

Should there ever be numbers in someone's name? Does a supplied email fit the accepted formats? And so on. Actually, you should do this anyway, not just with superglobals. Does the array you want to pass to foreach() contain anything? Is it even an array (try passing a non-array to foreach)? Etc. Here are some built-in functions that you need to know, which let you interrogate the data in your script.

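The questions the course notes ask turn into code like the following. This is an added example, not the course's own list of functions and not code from the original post: the field names (id, name, email, tags, avatar), the size limits, the allowed image types and the sample values are all invented for the demo. It runs from the command line on the constructed input at the bottom, and the same functions take $_GET, $_POST and $_FILES unchanged on a real page.

```php
<?php
// Added example (not from the course notes or the original post): check the
// type, presence and format of superglobal data before using it.
declare(strict_types=1);

/**
 * Validate a sign-up request. Takes the arrays as parameters instead of
 * reading $_GET/$_POST directly so it can be exercised with made-up input.
 * Returns ['data' => clean values, 'errors' => messages].
 */
function validate_signup(array $get, array $post): array
{
    $clean = [];
    $errors = [];

    // Right data type? FILTER_VALIDATE_INT rejects "12abc", "1e3" and " 7 "
    // and returns false, so a legitimate 0 and a failure are told apart with ===.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => PHP_INT_MAX],
    ]);
    if ($id === false) {
        $errors[] = 'id must be a positive integer';
    } else {
        $clean['id'] = $id;
    }

    // Blank when it shouldn't be? Numbers in a name? Note that name[]=x in the
    // body makes $post['name'] an array, so check is_string before trim().
    $name = $post['name'] ?? '';
    if (!is_string($name) || trim($name) === '') {
        $errors[] = 'name is required';
    } elseif (!preg_match('/^\p{L}[\p{L} \'-]{0,99}$/u', $name)) {
        $errors[] = 'name may only contain letters, spaces, apostrophes and hyphens';
    } else {
        $clean['name'] = trim($name);
    }

    // Does the email fit an accepted format? Arrays and missing keys give false.
    $email = filter_var($post['email'] ?? null, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email is not a valid address';
    } else {
        $clean['email'] = $email;
    }

    // Is it even an array, and does it contain anything worth looping over?
    // foreach over a string raises a warning and iterates nothing.
    $tags = $post['tags'] ?? [];
    if (!is_array($tags)) {
        $errors[] = 'tags must be sent as tags[]=...';
    } else {
        $clean['tags'] = [];
        foreach ($tags as $tag) {
            if (is_string($tag) && preg_match('/^[a-z0-9-]{1,20}$/', $tag)) {
                $clean['tags'][] = $tag;
            } else {
                $errors[] = 'tag rejected: ' . (is_string($tag) ? $tag : gettype($tag));
            }
        }
    }

    return ['data' => $clean, 'errors' => $errors];
}

/**
 * Validate one entry of $_FILES. The name and type fields are sent by the
 * client, so sniff the bytes that actually arrived instead of trusting them.
 * Returns null when every check passes, otherwise the reason for rejection.
 */
function validate_upload(array $file, int $maxBytes = 2_000_000): ?string
{
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        return "upload failed with error code $error";
    }
    $tmp = $file['tmp_name'] ?? '';
    if ($tmp === '' || !is_uploaded_file($tmp)) {
        return 'tmp_name is not a file PHP received via HTTP POST';
    }
    if (($file['size'] ?? 0) > $maxBytes) {
        return 'file too large';
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!in_array($mime, ['image/png', 'image/jpeg'], true)) {
        return "unexpected content type $mime";
    }
    return null;
}

// Constructed sample input standing in for $_GET and $_POST. The second tag
// fails the [a-z0-9-] check and ends up in errors; everything else is kept.
$result = validate_signup(
    ['id' => '42'],
    ['name' => "Alice O'Neil-Smith", 'email' => 'alice@example.com', 'tags' => ['php', 'DROP TABLE']]
);
print_r($result);

// On a real page: $result  = validate_signup($_GET, $_POST);
//                 $problem = validate_upload($_FILES['avatar'] ?? []);
```

Two design choices worth noting: validation returns clean copies rather than modifying the superglobals in place, so the rest of the script only ever touches $clean; and nothing here escapes for SQL or HTML, because that is a separate job done at the point of output (prepared statements, htmlspecialchars()), not a substitute for checking the input first.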
