$_SERVER Since: PHP 4(2000)
A superglobal variable that provides information about the web server and HTTP request details. It is used as the foundation for server-side processing such as detecting the request method and building redirect URLs.
Syntax
// Gets the request method. $_SERVER['REQUEST_METHOD']; // Gets the hostname. $_SERVER['HTTP_HOST']; // Gets the request URI. $_SERVER['REQUEST_URI']; // Gets the absolute file path of the script. $_SERVER['SCRIPT_FILENAME'];
Variable List
| Key | Description |
|---|---|
| REQUEST_METHOD | Returns the HTTP method used for the request. Possible values include GET, POST, PUT, and DELETE. |
| HTTP_HOST | Returns the hostname of the request destination. Contains the value of the Host header. |
| REQUEST_URI | Returns the URI of the request. Contains the full path including the query string. |
| QUERY_STRING | Returns the query string portion of the URL after the ?. |
| SCRIPT_NAME | Returns the path of the currently executing script. |
| SCRIPT_FILENAME | Returns the absolute file path of the currently executing script. |
| DOCUMENT_ROOT | Returns the document root path of the web server. |
| REMOTE_ADDR | Returns the IP address of the client. When accessed through a proxy, this may be the IP of the intermediate server. |
| HTTP_USER_AGENT | Returns the browser's User-Agent string. |
| HTTP_REFERER | Returns the URL of the referring page. This may not always be present, as some browsers do not send it. |
| HTTPS | Set to on for HTTPS connections. Undefined for HTTP connections. |
| SERVER_PORT | Returns the port number of the server. Typically 80 or 443. |
| CONTENT_TYPE | Returns the value of the Content-Type header from the request. |
Sample Code
<?php
// Check the request method.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
echo "Received a POST request.";
} else {
echo "This is a GET request."; // Output when accessed via a browser.
}
// Build the current URL.
$scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
$host = $_SERVER['HTTP_HOST'];
$uri = $_SERVER['REQUEST_URI'];
$currentUrl = $scheme . '://' . $host . $uri;
echo $currentUrl; // Outputs something like: 'https://example.com/page.php?id=1'
// Get the client's IP address.
$ip = $_SERVER['REMOTE_ADDR'];
echo "Client IP: " . $ip; // Outputs something like: 'Client IP: 192.168.1.100'
// Get the User-Agent string.
$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
echo "Browser: " . htmlspecialchars($ua);
// Check the referrer. Use isset() since it may not be set.
if (isset($_SERVER['HTTP_REFERER'])) {
echo "Referrer: " . htmlspecialchars($_SERVER['HTTP_REFERER']);
} else {
echo "No referrer information available.";
}
// Check the script path information.
echo $_SERVER['SCRIPT_NAME']; // Outputs something like: '/index.php'
echo $_SERVER['DOCUMENT_ROOT']; // Outputs something like: '/var/www/html'
// Get the query string.
// URL: page.php?category=php&page=2
echo $_SERVER['QUERY_STRING']; // Outputs: 'category=php&page=2'
Notes
$_SERVER is a superglobal variable that holds information about the web server and HTTP request. Some values in $_SERVER are taken from HTTP headers sent by the client and may contain untrusted data. Always escape them with htmlspecialchars() before outputting to HTML.
In particular, HTTP_HOST, HTTP_REFERER, HTTP_USER_AGENT, and REQUEST_URI are header values that the client can set freely. When using these values in security-sensitive operations, validate them against a whitelist.
Use $_GET / $_POST for retrieving request data, and header() for sending HTTP headers.
If you find any errors or copyright issues, please contact us.
シェアする