Superglobals

Superglobals overview: $_GET, $_POST, $_SERVER, $_FILES, $_SESSION, and more.

On this page

What Superglobals Are

Superglobals are built-in variables available everywhere in your PHP script. They contain request data, server metadata, session state, and environment variables.

$_GET and $_POST

These contain form/query parameters. Always provide defaults to avoid undefined index warnings.

<?php
$q = $_GET['q'] ?? '';
$email = $_POST['email'] ?? '';

$_SERVER

Server and request metadata (method, URI, headers, etc.). Useful for routing, logging, and request handling.

<?php
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
$uri = $_SERVER['REQUEST_URI'] ?? '/';

echo $method . ' ' . $uri;

$_FILES

Uploaded files live in $_FILES. You must validate file type, size, and store it safely (covered in the upload lesson).

<?php
// Example shape:
var_dump($_FILES['avatar'] ?? null);

$_COOKIE and $_SESSION

Cookies come from the client; sessions are server-side state referenced by a session cookie. Both should be treated carefully for security.

<?php
$theme = $_COOKIE['theme'] ?? 'light';

// session_start() required before using $_SESSION
// session_start();
// $_SESSION['user_id'] = 1;

$_ENV

Environment variables can be exposed via $_ENV depending on server config. In modern apps, dotenv libraries often populate these for config management.

<?php
$appEnv = $_ENV['APP_ENV'] ?? 'production';

Production Tip

Never trust any superglobal blindly. Treat them as untrusted input and validate/normalize before use.

← GET vs POST

Validation →