PHP programming - Predefined Variables

Compiled by: Frank Yap

In this section we'll see examples of predefined variable uses.
Resources

Lab Exercises

 
Exercise 1: $GLOBALS variables

 
$GLOBALS variables have global scope.
Notice when global variable $GLOBALS['row'] is created.
Notice $GLOBALS['row'] and global scope $row are identical.


$GLOBALS['row'] = 3;    // global variable is created 
echo $row . "<br>"; // 3, $row is identical to $GLOBALS['row'] 
 
function setRow ($val) { 
$row = $val; // $row is local 
$row2 = $GLOBALS['row']; // global variable is used 

 
setRow (5); 
echo $row . "<br>"; // 3, global $row is not affected by setRow(5)

Output ---
3
3
 

Exercise 2: $_GET variables

 
Example of using $_GET variable.
 
Form submission with GET method.
Type in a name and press the submit button.
Since action="", the form data is sent to current page.
Server side code of current page will take care of the data.
$_GET['user'] will contain the user's input data.
The input's name value and the $_GET's key should match.

Username:

// client side 
<form name="input" action="" method="get"> 
Username: <input type="text" name="user"> 
<input type="submit" value="Submit via GET"> 
</form>  
 
// server side 
if (isset ($_GET['user'])) { 
$welcomeGET = "Welcome <b>".$_GET['user']."</b> from GET<br>"; 
echo $welcomeGET; 
$_SESSION['user']=$_GET['user']; 
}
 

Exercise 3: $_POST variables

 
Example of using $_POST variable.
 
Form submission with POST method.
Type in a name and press the submit button.
Since action="", the form data is sent to current page.
Server side code of current page will take care of the data.
$_POST['user'] will contain the user's input data.
The input's name value and the $_POST's key should match.
 
Username:

// client side 
<form name="input" action="" method="post"> 
Username: <input type="text" name="user"> 
<input type="submit" value="Submit via POST"> 
</form> 
 
// server side 
if (isset ($_POST['user'])) { 
$welcomePOST = "Welcome <b>".$_POST['user']."</b> from POST<br>"; 
echo $welcomePOST; 
$_SESSION['user']=$_POST['user']; 
}
 

Exercise 4: $_SESSION variables

 

$_SESSION variables stay from creation time until client browser closes.
You can store any strings as the session variables and use them as persistent storage while session is alive.
To store objects, serialize the objects to convert to string and store.
You can remove $_SESSION variable by issuing unset($_SESSION['varName']).

Note: To use cookie-based sessions, session_start() must be called before outputing anything to the browser.
 

Display user name obtained from $_SESSION variable.
 
User = ?

if(isset($_SESSION['user'])) 
echo "User = <b>". $_SESSION['user'] . "</b><br>"; 
else 
echo "User = <b>". "?" . "</b><br>";
 

Exercise 5: $_COOKIE variables

 

$_COOKIE variables stay from creation time until the expiration time.
Cookie may be disabled by clients in their browser so cookie storage is not a reliable method.
You can set cookies using the setcookie() or setrawcookie() function.
Cookies are part of the HTTP header, so setcookie() must be called before any output is sent to the browser.
You can store values and dates as the cookie variable and use them as persistent storage until the expiration time.
 
Display cookie value obtained from $_COOKIE variable.
 
User visits = 1

if(isset($_COOKIE['visits'])) { 
$visits = $_COOKIE['visits']; 
echo "User visits = <b>". $visits . "</b><br>"; 
//setcookie ('visits', $visits+1, time()+60*60*24*90); 

else { 
echo "User visits = <b>". "1" . "</b><br>"; 
//setcookie ('visits', 1, time()+60*60*24*90); 
}
 
Exercise 6: $_FILES variables

 
POST method lets people upload both text and binary files.
The global $_FILES arrays contain all the uploaded file information.
 

The contents of $_FILES from an example form is as follows. Note that this assumes the use of the file upload name 'userfile'. This can be any name.
 
$_FILES['userfile']['name']
The original name of the file on the client machine.

$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.

$_FILES['userfile']['size']
The size, in bytes, of the uploaded file.

$_FILES['userfile']['tmp_name']
The temporary filename of the file in which the uploaded file was stored on the server.

$_FILES['userfile']['error']
The error code associated with this file upload.
 
Files will, by default be stored in the server's default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini.
 

Upload a file. Select a file with size less than 100K bytes.
 

File = ?
See below for upload details.


// client side 
<form action="" method="post" enctype="multipart/form-data"> 
<input type="file" name="uploadFile" /><br /> 
<input type="submit" value="Upload File" /> 
</form> 
 
// server side 
if(isset($_FILES["uploadFile"])) 
echo "File = <b>". $_FILES["uploadFile"]['name'] . "</b><br>"; 
else 
echo "File = <b>". "?" . "</b><br>";

If the FORM ACTION is set to "" then the data is sent to current page.
The key name "uploadFile" of $_FILES["uploadFile"] should match with value of name="uploadFile" in the form.

Once file is uploaded to the server's temporary folder, it has to be moved to local website folder.
The following code moves the file. The "uploads" folder is created at the root directory (where index.php or in our case phpLab#.php files are located) of the website for this purpose.
 
if(isset($_FILES['uploadFile'])) { 
$uploaddir = './uploads/'; 
$uploadfile = $uploaddir . basename($_FILES['uploadFile']['name']); 
 
echo '<pre>'; 
if(isset($_FILES['uploadFile'])) { 
echo "File = <b>". $_FILES['uploadFile']['name'] . "</b><br>"; 
//echo "Error = <b>". $_FILES['uploadFile']['error'] . "</b><br>"; 
} else 
echo "File = <b>". "?" . "</b><br>"; 
 
if ($_FILES['uploadFile']['size'] > 1024*100) { 
@unlink($_FILES['uploadFile']['tmp_name']); 
echo "<span style='color:red;'><b>Large file uploading not allowed. File discarded.<br></b></span>"; 
} else { 
if (move_uploaded_file($_FILES['uploadFile']['tmp_name'], $uploadfile)) { 
echo "File is valid, and was successfully uploaded.<br>"; 
} else { 
echo "Possible file upload attack!<br>"; 


 
echo 'Here is some more debugging info:'; 
print_r($_FILES); 
 
echo "</pre>"; 
}

Output ---
 
Homework Exercise

Start XAMPP Apache server.

Study the posthtml.php client side code for "Form submission with POST method".
Study the postproc.php server side code for the "Form submission with POST method".
Run the code with URL http://localhost/phplab/posthtml.php .
Type in a name and click the submit button.
Observe what happens.

Submit a description of events in the code in both files.