PHPIntermediate

PHP Globals with EGPCS Information

PB Pb28 Master Team July 2nd, 2022 Intermediate

📦 Get the complete source code for this tutorial

PHP Globals with EGPCS Information

EGPCS is the variable parsing order configured as the value of the variable_order directive in the PHP configuration file. It is used to configure the order of PHP superglobal variables $_ENV, $_GET, $_POST, $_COOKIE and $_SERVER.

These global array elements are merged together and stored in the $_REQUEST array. If we store values in an EGPCS array with the same index, then, the variable parsing order affects $_REQUEST values.

$_REQUEST Data based on variable_order Directive

In the PHP code below shows $_GET, $_POST, $_COOKIE with the same array index. Let the variable_order be configured as GCP.

php
<?php

$_GET["keyword"] = "search-action";

$_POST["keyword"] = "Search";

$_COOKIE["keyword"] = "Temp";

?>

The PHP print_r() function prints $_REQUEST array values as below. It shows the value of $_POST since P is the latest one specified in the variable_order settings.

code
Array(

   [keyword] = Search

)

variable_order and register_globals

In the older PHP version, it had the feature named register_globals. When the register_globals is set as “ON” then, the PHP will automatically register the super global elements as the variables. these variables can be found in the global scope.

For example, the $_GET[“keyword”], $_POST[“keyword”] and $_COOKIE[“keyword”] variables from the above example can also be used as $keyword. The value will be based on the variable_order. Since it caused security issues, this feature is removed from PHP as of version 5.4.0

📦 Download the full project files and try it locally