Predefined Variables

PHP provides a large number of predefined variables to any script which it runs. Many of these variables, however, cannot be fully documented as they are dependent upon which server is running, the version and setup of the server, and other factors. Some of these variables will not be available when PHP is run on the command line. For a listing of these variables, please see the section on Reserved Predefined Variables.

Warning

In PHP 4.2.0 and later, the default value for the PHP directive register_globals is off. This is a major change in PHP. Having register_globals off affects the set of predefined variables available in the global scope. For example, to get DOCUMENT_ROOT you'll use $_SERVER['DOCUMENT_ROOT'] instead of $DOCUMENT_ROOT, or $_GET['id'] from the URL http://www.example.com/test.php?id=3 instead of $id, or $_ENV['HOME'] instead of $HOME.

For related information on this change, read the configuration entry for register_globals, the security chapter on Using Register Globals, as well as the PHP 4.1.0 and 4.2.0 Release Announcements.

Using the available PHP Reserved Predefined Variables, like the superglobal arrays, is preferred.

From version 4.1.0 onward, PHP provides an additional set of predefined arrays containing variables from the web server (if applicable), the environment, and user input. These new arrays are rather special in that they are automatically global--i.e., automatically available in every scope. For this reason, they are often known as "superglobals". (There is no mechanism in PHP for user-defined superglobals.) The superglobals are listed below; however, for a listing of their contents and further discussion on PHP predefined variables and their natures, please see the section Reserved Predefined Variables. Also, you'll notice how the older predefined variables ($HTTP_*_VARS) still exist. As of PHP 5.0.0, the long PHP predefined variable arrays may be disabled with the register_long_arrays directive.

Note: Variable variables

Superglobals cannot be used as variable variables inside functions or class methods.

Note:

Even though both the superglobal and HTTP_*_VARS can exist at the same time, they are not identical, so modifying one will not change the other.

If certain variables in variables_order are not set, their appropriate PHP predefined arrays are also left empty.


User Contributed Notes 35 notes

up
69
johnphayes at gmail dot com
11 years ago
I haven't found it anywhere else in the manual, so I'll make a note of it here - PHP will automatically replace any dots ('.') in an incoming variable name with underscores ('_'). So if you have dots in your incoming variables, e.g.:

example.com/page.php?chuck.norris=nevercries

you cannot reference them by the name used in the URI:
//INCORRECT
echo $_GET['chuck.norris'];

instead you must use:
//CORRECT
echo $_GET['chuck_norris'];
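
The rewriting described in the note above also means that two different incoming names can end up under the same $_GET key, which matters when input checks are keyed on the name. The following is an added example, not part of the original note: it re-parses a raw query string and reports such collisions. The function names and the sample query are constructed, and the sketch covers only dots and spaces (the PHP manual documents the same conversion for spaces) in the part of the name before any "[".

```php
<?php
// Added illustration: names, sample data and the simplified rule are assumptions.

/**
 * Return the top-level part of an incoming name (everything before the
 * first "["), as sent by the client.
 */
function raw_base_name(string $rawName): string
{
    $bracket = strpos($rawName, '[');
    return $bracket === false ? $rawName : substr($rawName, 0, $bracket);
}

/**
 * Apply the rewrite to a top-level name: dots and spaces become "_".
 */
function php_key_for(string $rawBase): string
{
    return strtr($rawBase, ['.' => '_', ' ' => '_']);
}

/**
 * Return [key => [raw base names...]] for every key that more than one
 * distinct raw parameter name in the query string maps to.
 */
function find_key_collisions(string $rawQuery): array
{
    $seen = [];
    foreach (explode('&', $rawQuery) as $pair) {
        if ($pair === '') {
            continue;
        }
        // Names are URL-decoded before the rewrite ("+" and %20 are spaces).
        $rawBase = raw_base_name(urldecode(explode('=', $pair, 2)[0]));
        $seen[php_key_for($rawBase)][$rawBase] = true;
    }

    $collisions = [];
    foreach ($seen as $key => $names) {
        if (count($names) > 1) {
            $collisions[$key] = array_keys($names);
        }
    }
    return $collisions;
}

// Constructed sample: two different names that are stored under one key.
$query = 'chuck.norris=nevercries&chuck_norris=cries&id=3';
print_r(find_key_collisions($query));
```

Run against $_SERVER['QUERY_STRING'], a non-empty result means the request carried several spellings of one parameter and only one of their values is visible in $_GET.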
up
9
webdesign at benking dot com
12 years ago
# this is a follow-up to kasey at cornerspeed's 14-Jun-2004 08:33 post and debabratak at softhome's 14-Mar-2003 12:59 post, minus sessions but including a safety mechanism to block unwanted variables...

# if you are like me and do not want to have to type $_POST[some_var] to get to all your passed variable data, you can safely convert all the data to the variable names (so it is like old style php) by using a pre-defined allowed arg names list like this;

$allowed_args = ',f_name,l_name,subject,msg,';

foreach(array_keys($_POST) as $k) {
    $temp = ",$k,";
    if(strpos($allowed_args,$temp) !== false) { $$k = $_POST[$k]; }
}

# then you can use the programmer friendly (less typing) vars like so;
echo "Hello $f_name";

# make sure you have commas in front of and after each var name in the $allowed_args list, so strpos will never surprise you by mistakenly finding an unwanted var name within another var name
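
An exact-match variant of the allow-list idea in the note above, added here as an example and not part of the original note: each allowed name is looked up directly in the request array, non-string values are skipped, and the accepted fields come back in an array instead of being turned into variables. The function name and the sample request are constructed.

```php
<?php
// Added illustration: function name and sample request are constructed.

/**
 * Copy only allow-listed, string-valued fields out of a request array.
 * Keys are compared for exact equality, so a submitted key that merely
 * contains an allowed name (or several names joined by commas) is ignored.
 */
function import_allowed(array $input, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $name) {
        // array_key_exists: the field may legitimately be an empty string.
        if (!array_key_exists($name, $input)) {
            continue;
        }
        // name[]=x arrives as an array; skip it rather than echo "Array".
        if (!is_string($input[$name])) {
            continue;
        }
        $clean[$name] = $input[$name];
    }
    return $clean;
}

$allowed_args = ['f_name', 'l_name', 'subject', 'msg'];

// Constructed stand-in for $_POST.
$post = [
    'f_name'        => 'Ada',
    'msg'           => ['unexpected', 'array'],
    'is_admin'      => '1',
    'f_name,l_name' => 'x',
];

$fields = import_allowed($post, $allowed_args);

// Escape on output; the value is still untrusted user input.
echo 'Hello ' . htmlspecialchars($fields['f_name'] ?? '', ENT_QUOTES, 'UTF-8') . "\n";
print_r(array_keys($fields));
```

If local variables are still wanted, extract($fields) at this point only creates variables named in $allowed_args.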
up
11
Anonymous
12 years ago
php.net uses this

// Backward compatible array creation. After this point, the
// PHP 4.1.0+ arrays can be used to access variables coming
// from outside PHP. But it should be noted that these variables
// are not necessarily superglobals, so they need to be global-ed!
if (!isset($_SERVER))
{
    $_GET     = &$HTTP_GET_VARS;
    $_POST    = &$HTTP_POST_VARS;
    $_ENV     = &$HTTP_ENV_VARS;
    $_SERVER  = &$HTTP_SERVER_VARS;
    $_COOKIE  = &$HTTP_COOKIE_VARS;
    $_REQUEST = array_merge($_GET, $_POST, $_COOKIE);
}

$PHP_SELF = $_SERVER['PHP_SELF'];
up
9
lopez dot on dot the dot lists at yellowspace dot net
14 years ago
- Security Issue and workaround -
If You use "eval()" to execute code stored in a database or elsewhere, you might find this tip useful.

Issue:
By default, all superglobals are known in every function.
Thus, if you eval database- or dynamically generated code (let's call it "potentially unsafe code"), it can use _all_ the values stored in _any_ superglobal.

Workaround:
Whenever you want to hide superglobals from use in evaluated code, wrap that eval() in an own function within which you unset() all the superglobals. The superglobals are not deleted by php in all scopes - just within that function. eg:

function safeEval($evalcode) {
    unset($GLOBALS);
    unset($_ENV);
    // unset any other superglobal...
    return eval($evalcode);
}

(This example assumes that the eval returns something with 'return')

In addition, by defining such a function outside classes, in the global scope, you'll make sure as well that the evaluated ('unsafe') code doesn't have access to the object variables ($this-> ...).
up
15
DD32=theonly_DD32[&]yahoo.com.au
11 years ago
I have this function in my main files, it allows for easier SEO for some pages without having to rely on .htaccess and mod_rewrite for some things.
<?php

function long_to_GET(){
    /**
     * This function converts info.php/a/1/b/2/c?d=4 TO
     * Array ( [d] => 4 [a] => 1 [b] => 2 [c] => )
     **/
    if(isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != ''){
        //Split it out.
        $tmp = explode('/',$_SERVER['PATH_INFO']);
        //Remove first empty item
        unset($tmp[0]);
        //Loop through and append it into the $_GET superglobal.
        //A trailing key without a value gets an empty string; a path
        //segment overwrites a query-string parameter of the same name.
        for($i=1;$i<=count($tmp);$i+=2){
            $_GET[$tmp[$i]] = isset($tmp[$i+1]) ? $tmp[$i+1] : '';
        }
    }
}
?>

It's probably not the most efficient, but it does the job rather nicely.

DD32
up
5
Anonymous
15 years ago
Wouldn't it be great if there was a variable called $_SERVER["PATH_USERHOME"]. Here is how to set it yourself:

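// explode() replaces split(), which was removed in PHP 7.0.
$path_fs = explode ("/", ltrim ($_SERVER["PATH_TRANSLATED"], "/"));
$path_fs_rev = array_reverse ($path_fs);

$path_http = explode ("/", ltrim ($_SERVER["PHP_SELF"], "/"));
$path_http_rev = array_reverse ($path_http);

// Count the trailing path components shared by the filesystem path and the
// URL path; the isset() check stops the loop at the end of either array.
$num_same = 0;
while (isset ($path_fs_rev[$num_same], $path_http_rev[$num_same])
       && $path_fs_rev[$num_same] == $path_http_rev[$num_same]) {
    $num_same++;
}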

$path_userhome = array ();
$numdirs_userhome = sizeof ($path_http) - $num_same;
echo $numdirs_userhome;

for ($i = 0; $i < $numdirs_userhome; $i++) {
    array_push ($path_userhome, $path_http[$i]);
}

$_SERVER["PATH_USERHOME"] = "/" . implode ("/", $path_userhome) . "/";

print_r ($_SERVER["PATH_USERHOME"]);

;) Happy programming,

Peder
up
11
mike at dbeat dot com
16 years ago
If you're running PHP as a shell script, and you want to use the argv and argc arrays to get command-line arguments, make sure you have register_argc_argv = on. If you're using the 'optimized' php.ini, this defaults to off.
up
4
holger at doessing dot net
10 years ago
On the subject of permalinks and queries:
Say, you use an inexpensive subdomain of (e.g.) www.nice.net, thus www.very.nice.net, and that the domain owner has simply placed a frame at this particular location, linking to the actual address (ugly and subject-to-change) of your site.
Consequently, the actual site URI and various associated hashes and query strings are not immediately visible to the user. Sometimes this is useful, but it also makes bookmarking/permalinking impossible (the browser will only bookmark the static address in the top frame).
However, as far as the query strings go, there is a workaround. Instead of providing users with permalinks to the actual URI (e.g. prtcl://weird.and.ugly/~very/ugly.php?stuff=here; may even be subject to change), I provide them with this: prtcl://www.very.nice.net?stuff=here.

In brief, I then use the following code to re-populate the $_GET array:

if (isset($_SERVER['HTTP_REFERER'])) { // If set, this page is running in a frame
    $uri = parse_url($_SERVER['HTTP_REFERER']); // grab URI of parent frame
    $querystring = isset($uri['query']) ? $uri['query'] : false; // grab the querystring, if the parent URI has one
    if ($querystring) {
        $vars = explode('&', $querystring); // cut into individual statements
        foreach ($vars as $varstring) { // populate $_GET
            $var = explode('=', $varstring);
            if (count($var) == 2) $_GET[$var[0]] = $var[1];
        }
    } // no, nothing to report from the
}
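
The Referer header is supplied by the client and is often absent, so code that copies it into $_GET benefits from a host check and stricter parsing. The following added example (not the note author's code) does that for the frame scenario above; the host name in EXPECTED_FRAME_HOST, the function name and the sample values are assumptions.

```php
<?php
// Added illustration: host name, function name and sample values are assumptions.

const EXPECTED_FRAME_HOST = 'www.very.nice.net';

/**
 * Extract query parameters from a Referer value, but only when it points at
 * the expected parent frame. Returns an empty array otherwise.
 * The header can still be forged, so the values remain untrusted input.
 */
function params_from_parent_frame(?string $referer, array $allowedKeys): array
{
    if ($referer === null || $referer === '') {
        return [];                       // header missing or stripped
    }
    $uri = parse_url($referer);
    if ($uri === false || !isset($uri['host'], $uri['query'])) {
        return [];                       // malformed URL or no query string
    }
    if (strcasecmp($uri['host'], EXPECTED_FRAME_HOST) !== 0) {
        return [];                       // not our frame: ignore entirely
    }
    // parse_str() URL-decodes names and values and copes with "a=b=c" and "k".
    parse_str($uri['query'], $parsed);

    $params = [];
    foreach ($allowedKeys as $key) {
        // Accept plain string values only; "stuff[]=x" would be an array.
        if (isset($parsed[$key]) && is_string($parsed[$key])) {
            $params[$key] = $parsed[$key];
        }
    }
    return $params;
}

// Constructed sample Referer values.
$samples = [
    'http://www.very.nice.net/?stuff=here%20and%20there&debug=1',
    'http://other.example/?stuff=elsewhere',
    'not a url',
];
foreach ($samples as $referer) {
    // Values already present in $_GET win over anything taken from the Referer.
    $merged = $_GET + params_from_parent_frame($referer, ['stuff']);
    var_export($merged);
    echo "\n";
}
```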