PHP constants and variables external variables

External variables

PHP’s external variables are some variables that PHP has specified during use. This variable is specified as such and used as such.

Let’s first explain a few of the most commonly used examples. We name the following form user.html:

The above is a very basic HTML code. In the main part of this code It means to use the get method to send the user and password to reg.php (specified in line 6 of the above code). reg.php finds a way to receive the username and pwd values passed by the user.

We get our first external variable: $_GET. The main function of
$_GET is to get the data passed by get.

Let’s write a reg.php and try using $_GET to receive the value:

 的值 $u = $_GET['username']; echo $u.'
'; //$_GET['pwd'] 得到表单 的值 $passwd = $_GET['pwd']; echo $passwd.'
'; ?>

You can output the value to see the result. Through the above experiment, we know that the value entered from the form can be obtained through the external variable $_GET.

When you experiment, you will find a feature on the address bar:

According to the picture above, observe the feature:

reg. php is followed by a ? (question mark)

The username in the form changes to the address bar

The username value entered in the form is root, and username is followed by =(etc. number) entered value

username (name) = root (value) The following password is password (name) = 123123 (value), separated by an & (and character) in the middle

The password is Visible, how to ensure safety? What if my password is not visible in the address bar during the registration process?

At this time we need to use post to pass the value. The post value is invisible in the address bar.

We will modify the same code in the above example. The html code is as follows:

$_GET in the PHP code has been changed to $_POST:

 的值 $u = $_POST['username']; echo $u.'
'; //$_POST['pwd'] 得到表单 的值 $passwd = $_POST['pwd']; echo $passwd.'
'; ?>

Observation features:
The ? (question mark) after reg.php is missing. The username and password at the back are also missing. So how does he pass the data?

He is the data passed through the request header file of the browser that we cannot see. So the URL column is not visible.

Note: The appendix contains a demonstration process of how to view the transfer results through firebug of the Firefox browser. This part is all the transmission method specified by the HTTP protocol.

In addition, we also have $_REQUEST to receive data. Now we handle it like this:

Change all $_POST in the php code segment to $_REQUEST, the code is as follows:

'; $passwd = $_REQUEST['pwd']; echo $passwd.'
'; ?>

Change the method in this line in the web page user.html to Execute get once, then change it to Post and run it again to see the result:

Through the above experiment, you will find that $_REQUEST can receive the value passed by get or the value passed by post.

In addition, we summarize some external variables and require the learning level of knowledge points: understand the meaning, and memorize the writing and function of this word.

##$_COOKIE Get Pass the value of cookie in session control $_SESSION Get the value of session in session control $_FILES Get the result of file upload $_GET Get the result of get passed value $_POST Get the result of value passed by post $_REQUEST You can get the result of value passed by get and you can also get the result of value passed by Post

Global variable name	Function description

Please remember one more thing: all the above variables are super global. (The meaning of super global will be explained later).

---

Note:

1. We believe that all data input from users is not trustworthy. The second half of this book will specifically explain restrictions and filtering

2. When submitting data, our commonly used methods are get and post. It can be understood that the value passed by get is visible in the url, but the value passed by post is not visible in the url.

The post value is not visible in the URL. The data is sent to the designated server through the header part of the browser. You need to use special tools to see the value sent by Post. You can download the Firefox plug-in (firebug) to view it.

Firefox browser icon:

Open firebug:

View the header transfer data (network, click POST reg.php and select Post), and you will see the transferred name and transferred data value:

1. If you really use get to pass the password, the password will be displayed in the address bar. The browser history automatically records visited addresses. A malicious user will be able to obtain the passwords you have entered by looking at your browser history. Therefore, the get method cannot be used for password transmission.

get

Pronunciation: [get]
Explanation: Get, in computers it refers to a way of transmitting data

post

Pronunciation: [poʊst]
Explanation: Refers to a data transmission method in computers

request

Pronunciation: [rɪˈkwɛst]
Explanation: Request

submit

Pronunciation: [səbˈmɪt]
Explanation ：Submit, submit

action

Pronunciation: [ˈækʃən]
Explanation: Action, activity