PHP constants and variables external variables

External variables

PHP’s external variables are some variables that PHP has specified during use. This variable is specified as such and used as such.

Let’s first explain a few of the most commonly used examples. We name the following form user.html:

<html>
   <head>
   </head>

   <body>
       <form action="reg.php" method="get">
           <input type="text" name="username" />
           <input type="password" name="pwd" />
           <input type="submit" value="提交" />
       </form>
   </body>
</html>

The above is a very basic HTML code. In the main part of this code It means to use the get method to send the user and password to reg.php (specified in line 6 of the above code). reg.php finds a way to receive the username and pwd values ​​​​passed by the user.

We get our first external variable: $_GET. The main function of
$_GET is to get the data passed by get.

Let’s write a reg.php and try using $_GET to receive the value:

<?php
//$_GET后面加上中括号，将username作为字符串放在中括号里面，就得到了表单里面的<input type="text" name="username" /> 的值
$u = $_GET['username'];
echo $u.'<br />';

//$_GET['pwd'] 得到表单<input type="text" name="username" /> 的值
$passwd = $_GET['pwd'];
echo $passwd.'<br />';
?>

You can output the value to see the result. Through the above experiment, we know that the value entered from the form can be obtained through the external variable $_GET.

When you experiment, you will find a feature on the address bar:

According to the picture above, observe the feature:

reg. php is followed by a ? (question mark)

The username in the form changes to the address bar

The username value entered in the form is root, and username is followed by =(etc. number) entered value

username (name) = root (value) The following password is password (name) = 123123 (value), separated by an & (and character) in the middle

The password is Visible, how to ensure safety? What if my password is not visible in the address bar during the registration process?

At this time we need to use post to pass the value. The post value is invisible in the address bar.

We will modify the same code in the above example. The html code is as follows:

<html>
   <head>
   </head>

   <body>
       <!-- 这一行method 对应的值改为了post -->
       <form action="reg.php" method="post">
           <input type="text" name="username" />
           <input type="password" name="pwd" />
           <input type="submit" value="提交" />
       </form>
   </body>
</html>

$_GET in the PHP code has been changed to $_POST:

<?php
//$_POST后面加上中括号，将username作为字符串放在中括号里面，就得到了表单里面的<input type="text" name="username" /> 的值
$u = $_POST['username'];
echo $u.'<br />';

//$_POST['pwd'] 得到表单<input type="text" name="username" /> 的值
$passwd = $_POST['pwd'];
echo $passwd.'<br />';
?>

Observation features:
The ? (question mark) after reg.php is missing. The username and password at the back are also missing. So how does he pass the data?

He is the data passed through the request header file of the browser that we cannot see. So the URL column is not visible.

Note: The appendix contains a demonstration process of how to view the transfer results through firebug of the Firefox browser. This part is all the transmission method specified by the HTTP protocol.

In addition, we also have $_REQUEST to receive data. Now we handle it like this:

Change all $_POST in the php code segment to $_REQUEST, the code is as follows:

<?php
$u = $_REQUEST['username'];
echo $u.'<br />';

$passwd = $_REQUEST['pwd'];
echo $passwd.'<br />';
?>

Change the method in this line in the web page user.html to Execute get once, then change it to Post and run it again to see the result:

       <form action="reg.php" method="post">

Through the above experiment, you will find that $_REQUEST can receive the value passed by get or the value passed by post.

In addition, we summarize some external variables and require the learning level of knowledge points: understand the meaning, and memorize the writing and function of this word.

##$_COOKIEGet Pass the value of cookie in session control$_SESSIONGet the value of session in session control$_FILESGet the result of file upload$_GETGet the result of get passed value$_POSTGet the result of value passed by post$_REQUESTYou can get the result of value passed by get and you can also get the result of value passed by Post

Global variable name	Function description

Please remember one more thing: all the above variables are super global. (The meaning of super global will be explained later).

---

Note:

1. We believe that all data input from users is not trustworthy. The second half of this book will specifically explain restrictions and filtering

2. When submitting data, our commonly used methods are get and post. It can be understood that the value passed by get is visible in the url, but the value passed by post is not visible in the url.

The post value is not visible in the URL. The data is sent to the designated server through the header part of the browser. You need to use special tools to see the value sent by Post. You can download the Firefox plug-in (firebug) to view it.

Firefox browser icon:

Open firebug:

View the header transfer data (network, click POST reg.php and select Post), and you will see the transferred name and transferred data value:

1. If you really use get to pass the password, the password will be displayed in the address bar. The browser history automatically records visited addresses. A malicious user will be able to obtain the passwords you have entered by looking at your browser history. Therefore, the get method cannot be used for password transmission.

get

Pronunciation: [get]
Explanation: Get, in computers it refers to a way of transmitting data

post

Pronunciation: [poʊst]
Explanation: Refers to a data transmission method in computers

request

Pronunciation: [rɪˈkwɛst]
Explanation: Request

submit

Pronunciation: [səbˈmɪt]
Explanation ：Submit, submit

action

Pronunciation: [ˈækʃən]
Explanation: Action, activity
Next Section