ICT 5 Web Development
Chapter 10. Web Techniques and Security
Nguyen Thi Thu Trang
trangntt@
Vietnam and Japan Joint ICT HRD Program

Content
1. Environment variables
2. Setting Response Header
3. Encoding and escaping
4. Cross site scripting

1. Environment variables

Global arrays
– If the register_globals option is enabled (it is disabled by default), PHP creates a separate global variable for every form parameter, every piece of request information, and every server configuration value. This functionality is convenient but dangerous, as it lets the browser provide initial values for any of the variables in your program.
– Server configuration and request information, including form parameters and cookies, is accessible in three different ways from your PHP scripts. Collectively it is referred to as EGPCS (Environment, GET, POST, Cookies, and Server).

Global arrays (2)
$_COOKIE
– Contains any cookie values passed as part of the request, where the keys of the array are the names of the cookies
$_GET
– Contains any parameters that are part of a GET request, where the keys of the array are the names of the form parameters
$_POST
– Contains any parameters that are part of a POST request, where the keys of the array are the names of the form parameters
$_FILES
– Contains information about any uploaded files
$_SERVER
– Contains useful information about the web server, as described in the next section
$_ENV
– Contains the values of any environment variables, where the keys of the array are the names of the environment variables.

PHP also creates automatically
$_REQUEST
– Contains the elements of the $_GET, $_POST, and $_COOKIE arrays all in one array variable.

Server Information
The $_SERVER array contains a lot of useful information from the web server
SERVER_SOFTWARE
– A string that identifies the server (e.g., "Apache/ (Unix)
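
The register_globals risk described under Global arrays, shown beside the explicit-array form. This is an added example, not code from the original slides: check_login() and the two page_* functions are hypothetical names, the request is constructed, and extract() stands in for what register_globals does so the script behaves the same whatever the server setting is. For the constructed request the first page reports the visitor as authorized and the second does not.

```php
<?php
// Constructed request, equivalent to a browser asking for
// page.php?user=guest&authorized=1
$query = ['user' => 'guest', 'authorized' => '1'];

// Hypothetical credential check shared by both versions.
function check_login(string $user): bool
{
    return $user === 'admin';
}

// BEFORE: every request parameter becomes a variable before the page
// logic runs, which is the behaviour register_globals enables.
function page_with_register_globals(array $query): bool
{
    extract($query);                    // stand-in for register_globals
    if (check_login($user ?? '')) {
        $authorized = true;
    }
    // $authorized is never initialised by the script, so a value supplied
    // in the request is still there when the decision is made.
    return !empty($authorized);
}

// AFTER: request data is read only through the explicit array (in a real
// script this would be $_GET), and the variable that drives the security
// decision is initialised by the script itself.
function page_with_explicit_array(array $get): bool
{
    $authorized = false;
    $user = (isset($get['user']) && is_string($get['user'])) ? $get['user'] : '';
    if (check_login($user)) {
        $authorized = true;
    }
    return $authorized;
}

printf("register_globals style: %s\n",
    page_with_register_globals($query) ? 'authorized' : 'denied');
printf("explicit array style:   %s\n",
    page_with_explicit_array($query) ? 'authorized' : 'denied');
```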