$_SERVER is one of the most frequently used predefined variable in PHP. $_SERVER is a predefined array which contains various information related to the server environment, script location detail, header. In this tutorial, we will explore each and every array element of $_SERVER in PHP. To understand $_SERVER in PHP you only need basic information about the PHP programming.
What is $_SERVER in PHP
PHP has some predefined variable and $_SERVER is one of them. $_SERVER is an array. $_SERVER contains information related to the server environment and make it available to your script. $_SERVER contains several elements like request method, script name, query string etc. Below is the recursive print of $_SERVER i.e. output of print_r($_SERVER) of my local xampp.
Array ( [UNIQUE_ID] => VylVpsCoAQQAAAbGiVQAAAAA [HTTP_HOST] => localhost [HTTP_CONNECTION] => keep-alive [HTTP_PRAGMA] => no-cache [HTTP_CACHE_CONTROL] => no-cache [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 [HTTP_UPGRADE_INSECURE_REQUESTS] => 1 [HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36 [HTTP_REFERER] => http://localhost/techflirt_code/php-server/ [HTTP_ACCEPT_ENCODING] => gzip, deflate, sdch [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,es;q=0.6 [HTTP_COOKIE] => __atuvc=0%7C48%2C0%7C49%2C0%7C50%2C0%7C1%2C2%7C52; toShowIxigo=1 [PATH] => /usr/bin:/bin:/usr/sbin:/sbin [DYLD_LIBRARY_PATH] => /Applications/XAMPP/xamppfiles/lib [SERVER_SIGNATURE] => [SERVER_SOFTWARE] => Apache/2.4.18 (Unix) OpenSSL/1.0.2e PHP/7.0.1 mod_perl/2.0.8-dev Perl/v5.16.3 [SERVER_NAME] => localhost [SERVER_ADDR] => ::1 [SERVER_PORT] => 80 [REMOTE_ADDR] => ::1 [DOCUMENT_ROOT] => /Applications/XAMPP/xamppfiles/htdocs [REQUEST_SCHEME] => http [CONTEXT_PREFIX] => [CONTEXT_DOCUMENT_ROOT] => /Applications/XAMPP/xamppfiles/htdocs [SERVER_ADMIN] => [email protected] [SCRIPT_FILENAME] => /Applications/XAMPP/xamppfiles/htdocs/techflirt_code/php-server/1.php [REMOTE_PORT] => 51544 [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.1 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /techflirt_code/php-server/1.php [SCRIPT_NAME] => /techflirt_code/php-server/1.php [PHP_SELF] => /techflirt_code/php-server/1.php [REQUEST_TIME_FLOAT] => 1462326694.696 [REQUEST_TIME] => 1462326694 )
The output of $_SERVER will be changed from server to server depending on the server configuration and request.
Important Note: Since $_SERVER contains very sensitive information like server related information, please do not print $_SERVER on any pages of your live website. It might leave any clue for a hacker.
We can broadly classify the $_SERVER array elements in following 3 categories.
- HTTP header related information
- Server related information
- Script related information
1. HTTP Header related information in $_SERVER: All $_SERVER element which names starts with HTTP_ are the HTTP header detail of your request. If you will set any HTTP header with name test the a new variable will be available in your $_SERVER variable with name HTTP_TEST. So HTTP_HOST, HTTP_CONNECTION, HTTP_COOKIE are nothing but HTTP header information came with your request. If you will hit the same file which has print_r($_SERVER) from command line then you will not get any variable which starts with HTTP_. Below is the output of print_r($_SERVER) via command line:
Array ( [TERM_PROGRAM] => Apple_Terminal [SHELL] => /bin/bash [TERM] => xterm-256color [TMPDIR] => /var/folders/th/29_38sgd7xs_t9577rr80ftc0000gn/T/ [Apple_PubSub_Socket_Render] => /private/tmp/com.apple.launchd.zSfVR3Aw5s/Render [TERM_PROGRAM_VERSION] => 361.1 [TERM_SESSION_ID] => 11E8AB4D-AFB1-450B-8C80-89F50654B490 [USER] => ankur [SSH_AUTH_SOCK] => /private/tmp/com.apple.launchd.CKBSdRgZeI/Listeners [__CF_USER_TEXT_ENCODING] => 0x1F5:0x0:0x0 [PATH] => /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/opt/X11/bin [PWD] => /Users/ankur [XPC_FLAGS] => 0x0 [XPC_SERVICE_NAME] => 0 [SHLVL] => 1 [HOME] => /Users/ankur [LOGNAME] => ankur [LC_CTYPE] => UTF-8 [DISPLAY] => /private/tmp/com.apple.launchd.H55sOUGjdR/org.macosforge.xquartz:0 [SECURITYSESSIONID] => 186a7 [_] => /usr/bin/php [PHP_SELF] => /Applications/XAMPP/htdocs/techflirt_code/php-server/1.php [SCRIPT_NAME] => /Applications/XAMPP/htdocs/techflirt_code/php-server/1.php [SCRIPT_FILENAME] => /Applications/XAMPP/htdocs/techflirt_code/php-server/1.php [PATH_TRANSLATED] => /Applications/XAMPP/htdocs/techflirt_code/php-server/1.php [DOCUMENT_ROOT] => [REQUEST_TIME_FLOAT] => 1462328402.0015 [REQUEST_TIME] => 1462328402 [argv] => Array (  => /Applications/XAMPP/htdocs/techflirt_code/php-server/1.php ) [argc] => 1 )
2. Server Related Information: $_SERVER also contains some element with server related information, for example SERVER_NAME, SERVER_SOFTWARE , SERVER_ADMIN etc.
3. Script Related information : $_SERVER also contains some information about the script which is executed. For example SCRIPT_FILENAME , DOCUMENT_ROOT , SCRIPT_NAME etc.
Although $_SERVER elements vary depending upon the several factors like type of request, the web, CLI, HTTP, https etc, but some the element are common and very useful. In next sections, we will explore some of them.
$_SERVER[‘HTTP_HOST’] Element PHP
$_SERVER[‘HTTP_HOST’] returns name of the host. This value will only be available when the script is hosted and executed via a web server. For command line hit this variable will not be available. For my case if I am running my below code on http://localhost/techflirt_code/php-server/2.php:
The output is localhost.
HTTP_HOST element contains only host name without any protocol like HTTP or https. Also, it does not contain path or file name in URL. So the same above code will be executed from http://www.test.com/path/file.php then the output will be www.test.com.
HTTP_HOST is mainly use to form the hard coded URL in your script. For example:
<li><a href="<?php echo $_SERVER['REQUEST_SCHEME'] ?>://<?php echo $_SERVER['HTTP_HOST'] ?>/test1.php">Test1</a></li>
<li><a href="<?php echo $_SERVER['REQUEST_SCHEME'] ?>://<?php echo $_SERVER['HTTP_HOST'] ?>/test2.php">Test2</a></li>
<li><a href="<?php echo $_SERVER['REQUEST_SCHEME'] ?>://<?php echo $_SERVER['HTTP_HOST'] ?>/test3.php">Test3</a></li>
<li><a href="<?php echo $_SERVER['REQUEST_SCHEME'] ?>://<?php echo $_SERVER['HTTP_HOST'] ?>/test4.php">Test4</a></li>
$_SERVER[‘HTTP_USER_AGENT’] Element PHP
$_SERVER[‘HTTP_USER_AGENT’] contains information of browser from where request is generated. Element will only be available if script is hosted and executed by web server. Basically whenever you hit any URL from your browser, your browser send its agent information in HTTP header user-agent. The same user-agent header sent by browser will be returned by $_SERVER[‘HTTP_USER_AGENT’]. For example File Path http://localhost/techflirt_code/php-server/3.php :
If I will hit this file from web browser(Mozilla on Mac) the output will be following:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0) Gecko/20100101 Firefox/43.0
Now I will hit the same code using curl utility and setting user-agent header to test then output will be test. Curl Path:
curl -v -H ‘User-Agent: test’ http://localhost/techflirt_code/php-server/3.php
$_SERVER[‘HTTP_ACCEPT’] element in PHP
Contains information about the accepted media type by browser. When we hit any URL via our web browser it always send information about accepted media type to the server in HTTP header accept. The same media type value will be available in $_SERVER[‘HTTP_ACCEPT’] in PHP. For example :
IF I will hit this code from my browser then output is
$_SERVER[‘HTTP_ACCEPT_LANGUAGE’] Element in PHP
Contains the information about the language support of browser. When we request any page URL via our web browser then web browser always send the language information in http header accept-language and $_SERVER[‘HTTP_ACCEPT_LANGUAGE’] contains that http header value.
Basically this variable is used to determine the locale of user, but it should not be good idea to only rely on this variable as per w3.org. For detail you may refer to w3.org article Accept-Language Use for Locale Setting.
$_SERVER[‘HTTP_ACCEPT_ENCODING’] element in PHP
Contains the information about the accepted encoding support by web browser. Whenever we request any page URL from our browser then our browsers send its capability to accept encoding in http header accept-encoding, and the same information is contained in $_SERVER[‘HTTP_ACCEPT_ENCODING’]; HTTP_ACCEPT_ENCODING value will be like zip, deflate
$_SERVER[‘HTTP_REFERER’] element in PHP
Contains information about the reference page. Or in other word the complete URL of the page from where the current page is referred. Or in other word the reference of the current page hit. Again this header is provided by browser and the information is available on server in variable $_SERVER[‘HTTP_REFERER’] .
$_SERVER[‘SERVER_SIGNATURE’] Element in PHP
Contains information about the server like the virtual host, server version. But the information is only available if server signature is on.
$_SERVER[‘SERVER_SOFTWARE’] element in PHP
Contains information about the server software like web server name, web server version, module which is compiled with web server. For example:
will print Apache/2.4.18 (Unix) OpenSSL/1.0.2e PHP/7.0.1 mod_perl/2.0.8-dev Perl/v5.16.3 . The information will vary from server to server.
Basically these variable are used while creation of framework or system management tool.
Contains name of the server where script is executed. If you will run the script under the virtual host then name of the virtual host will be returned as $_SERVER[‘SERVER_NAME’];
Contains IP address of server where script is executed. If you will run on local machine then the output will be 127.0.0.1 if you will access it via localhost.
Contains port of the server machine which is used by your web server. For default case the port will be 80. If you will specify any other port number then the element will contain that port number.
Contains IP address from where user is requesting URL. For live website it will be the public IP of your internet, in case of local LAN it will be your own IP in local network. For localhost it will be 127.0.0.1.
This is one of the most used method to get the user ip. Sometime popele get user ip using $_SERVER[‘REMOTE_ADDR’] and with the help of IP detect user location and then server content according to that.
The element contains document root of the script configured on the server.
The element contains information about the request type whether it is http or https.
The element contains information about the server admin. Server admin detail can be configured in apache configuration. If script is executed using virtual host the the server admin information will be picked from virtual host.
Contains path of the script currently executed. IF the file will be executed by CLI with relative path the it will contains relative path to the current execution context.
Commonly used to get the file name which is in execution and the element is used in the core part of any CMS creation.
Contains URI which is given to access the page. For example /test/a.php or /about-us etc.
The variable is one of the most useful while writing any framework. Basically if we need to perform some action on the basis of the URL
Contains current executing script path. Event in the depth of included file it will provide path of main script which is including other script in hierarchy.
Filename of currently executing script with the complete slug information. For example if you will run file http://localhost/techflirt_code/php-server/1.php/test/test then the output will be
Note: For any $_SERVER element, if you are thing to print it directly in your HTML then it might be risky and cause XSS vulnerbilth and sometime provide clue for hacker. Always sanitise the data of $_SERVER before use.