PHP provides a large number of predefined variables to any script which it runs. Many of these variables, however, cannot be fully documented as they are dependent upon which server is running, the version and setup of the server, and other factors. Some of these variables will not be available when PHP is run on the command-line.
Despite these factors, here is a list of predefined variables available under a stock installation of PHP 3 running as a module under a stock installation of Apache 1.3.6.
For a list of all predefined variables (and lots of other useful information), please see (and use) phpinfo().
Note: This list is neither exhaustive nor intended to be. It is simply a guideline as to what sorts of predefined variables you can expect to have access to in your script.
These variables are created by the Apache webserver. If you are running another webserver, there is no guarantee that it will provide the same variables; it may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the CGI 1.1 specification, so you should be able to expect those.
Note that few, if any, of these will be available (or indeed have any meaning) if running PHP on the command line.
What revision of the CGI specification the server is using; i.e. 'CGI/1.1'.
The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host.
Server identification string, given in the headers when responding to requests.
Name and revision of the information protocol via which the page was requested; i.e. 'HTTP/1.0';
Which request method was used to access the page; i.e. 'GET', 'HEAD', 'POST', 'PUT'.
The query string, if any, via which the page was accessed.
The document root directory under which the current script is executing, as defined in the server's configuration file.
Contents of the Accept: header from the current request, if there is one.
Contents of the Accept-Charset: header from the current request, if there is one. Example: 'iso-8859-1,*,utf-8'.
Contents of the Accept-Encoding: header from the current request, if there is one. Example: 'gzip'.
Contents of the Accept-Language: header from the current request, if there is one. Example: 'en'.
Contents of the Connection: header from the current request, if there is one. Example: 'Keep-Alive'.
Contents of the Host: header from the current request, if there is one.
The address of the page (if any) which referred the browser to the current page. This is set by the user's browser; not all browsers will set this.
Contents of the User_Agent: header from the current request, if there is one. This is a string denoting the browser software being used to view the current page; i.e. Mozilla/4.5 [en] (X11; U; Linux 2.2.9 i586). Among other things, you can use this value with get_browser() to tailor your page's functionality to the capabilities of the user's browser.
The IP address from which the user is viewing the current page.
The port being used on the user's machine to communicate with the web server.
The absolute pathname of the currently executing script.
The value given to the SERVER_ADMIN (for Apache) directive in the web server configuration file. If the script is running on a virtual host, this will be the value defined for that virtual host.
The port on the server machine being used by the web server for communication. For default setups, this will be '80'; using SSL, for instance, will change this to whatever your defined secure HTTP port is.
String containing the server version and virtual host name which are added to server-generated pages, if enabled.
Filesystem- (not document root-) based path to the current script, after the server has done any virtual-to-real mapping.
Contains the current script's path. This is useful for pages which need to point to themselves.
The URI which was given in order to access this page; for instance, '/index.html'.
These variables are imported into PHP's global namespace from the environment under which the PHP parser is running. Many are provided by the shell under which PHP is running and different systems are likely running different kinds of shells, a definitive list is impossible. Please see your shell's documentation for a list of defined environment variables.
Other environment variables include the CGI variables, placed there regardless of whether PHP is running as a server module or CGI processor.
These variables are created by PHP itself. The $HTTP_*_VARS variables are available only if the track_vars configuration is turned on. When enabled, the variables are always set, even if they are empty arrays. This prevents a malicious user from spoofing these variables.
Note: As of PHP 4.0.3, track_vars is always turned on, regardless of the configuration file setting.
If the register_globals directive is set, then these variables will also be made available in the global scope of the script; i.e., separate from the $HTTP_*_VARS arrays. This feature should be used with care, and turned off if possible; while the $HTTP_*_VARS variables are safe, the bare global equivalents can be overwritten by user input, with possibly malicious intent. If you cannot turn off register_globals, you must take whatever steps are necessary to ensure that the data you are using is safe.
Array of arguments passed to the script. When the script is run on the command line, this gives C-style access to the command line parameters. When called via the GET method, this will contain the query string.
Contains the number of command line parameters passed to the script (if run on the command line).
The filename of the currently executing script, relative to the document root. If PHP is running as a command-line processor, this variable is not available.
An associative array of variables passed to the current script via HTTP cookies.
An associative array of variables passed to the current script via the HTTP GET method.
An associative array of variables passed to the current script via the HTTP POST method.
An associative array of variables containing information about files uploaded via the HTTP POST method. See POST method uploads for information on the contents of $HTTP_POST_FILES.
$HTTP_POST_FILES is available only in PHP 4.0.0 and later.
An associative array of variables passed to the current script via the parent environment.
An associative array of variables passed to the current script from the HTTP server. These variables are analogous to the Apache variables described above.