How exactly is PHP creating superglobal $_POST, $_GET, $_COOKIE and $_REQUEST?

Question

I\'m sorry for confusing title of the question, I\'ll try to clarify what the issue is.

I\'m doing some work with Mongrel2 server and I\'m writing a PHP handler that has

Answer 1

$_POST, $_GET, $_COOKIE and $_REQUEST are available in PHP every time, also if php was run in command-line. These arrays are writable, you can add values to $_POST array and get one in any other places.

This code fully correct and workable if run it from console:

<?php

$_POST['test'] = '1';
echo "\$_POST in global scope:\n";
var_dump($_POST);

function p() {
     echo "\$_POST in function scope:\n";

     var_dump($_POST);

     echo "Others super-global array in function scope:\n";
     var_dump($_REQUEST);
     var_dump($_COOKIE);

}

p();

Result:

$_POST in global scope:
array(1) {
  'test' =>
  string(1) "1"
}
$_POST in function scope:
array(1) {
  'test' =>
  string(1) "1"
}
Others super-global array in function scope:
array(0) {
}
array(0) {
}

Edit

Also, you can create class, and save data from HttpRequest in static field of it. In this case, you can use it from anywere.

Answer 2

Found on php.net maybe this will be useful:

$_POST = array();
$str = 'first=value&arr[]=foo+bar&arr[]=baz';
parse_str(html_entity_decode($str), $_POST);
print_r($_POST);

Array
(
    [first] => value
    [arr] => Array
        (
            [0] => foo bar
            [1] => baz
        )

)

Note:

The magic_quotes_gpc setting affects the output of this function, as parse_str() uses the same mechanism that PHP uses to populate the $_GET, $_POST, etc. variables.

http://php.net/manual/en/function.parse-str.php

Answer 3

I am trying to contribute to this question with the knowledge I know.

Sending a HTTP Request with such headers can duplicate POST variable

POST /somepage.php HTTP/1.1
Host: www.domain.com
User-Agent: Mozilla/12.0
Content-Length: 31
Content-Type: application/x-www-form-urlencoded

parameter=value&testcode=value1

Also you might want to check the HttpRequest libray of PHP. [Start here]. For POST data you can override the previous POST content using HttpRequest::setPostFields() and set your own data for it.

HttpRequest::setPostFields(array(
    "parameter" => "value"
));

Answer 4

Creating these variables is handled deep within the guts of PHP, in main/php_variables.c, in the php_auto_globals_create_get() and similar functions. From PHP 5.4.3:

static zend_bool php_auto_globals_create_get(const char *name, uint name_len TSRMLS_DC)
{
        zval *vars;

        if (PG(variables_order) && (strchr(PG(variables_order),'G') || strchr(PG(variables_order),'g'))) {
                sapi_module.treat_data(PARSE_GET, NULL, NULL TSRMLS_CC);
                vars = PG(http_globals)[TRACK_VARS_GET];
        } else {
                ALLOC_ZVAL(vars);
                array_init(vars);
                INIT_PZVAL(vars);
                if (PG(http_globals)[TRACK_VARS_GET]) {
                        zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]);
                }
                PG(http_globals)[TRACK_VARS_GET] = vars;
        }

        zend_hash_update(&EG(symbol_table), name, name_len + 1, &vars, sizeof(zval *), NULL);
        Z_ADDREF_P(vars);

        return 0; /* don't rearm */
}

This ends up calling directly into the SAPI (e.g, Apache module / CGI / FastCGI / whatever) to fetch variables. I don't think there's any way you can alter the way this works if you're in a weird environment where GET/POST/etc variables aren't where PHP expects them to be.