PHP 8.0.0 Beta 4 available for testing


$HTTP_GET_VARS [устарело]

(PHP 4 >= 4.1.0, PHP 5, PHP 7)

$_GET -- $HTTP_GET_VARS [устарело]Переменные HTTP GET


Ассоциативный массив переменных, переданных скрипту через параметры URL (известные также как строка запроса). Обратите внимание, что массив не только заполняется для GET-запросов, а скорее для всех запросов со строкой запроса.

$HTTP_GET_VARS содержит аналогичный набор данных, но не является суперглобальным. (Обратите внимание, что $HTTP_GET_VARS и $_GET являются разными переменными и обрабатываются PHP независимо друг от друга)


Пример #1 Пример использования $_GET

echo 'Привет, ' htmlspecialchars($_GET["name"]) . '!';

Подразумевается, что пользователь ввел в браузере адресИван

Результатом выполнения данного примера будет что-то подобное:

Привет, Иван!



Это 'суперглобальная' или автоматическая глобальная переменная. Это просто означает, что она доступна во всех контекстах скрипта. Нет необходимости выполнять global $variable; для доступа к ней внутри метода или функции.


Параметры GET обрабатываются urldecode().

add a note add a note

User Contributed Notes 6 notes

John Galt
10 years ago
Just a note, because I didn't know for sure until I tested it.

If you have a query string that contains a parameter but no value (not even an equals sign), like so:

The following script is a good test to determine how a is valued:
$_GET["a"] === "") echo "a is an empty string\n";
$_GET["a"] === false) echo "a is false\n";
$_GET["a"] === null) echo "a is null\n";
$_GET["a"])) echo "a is set\n";
$_GET["a"])) echo "a is not empty";

I tested this with script.php?a, and it returned:

a is an empty string
a is set

So note that a parameter with no value associated with, even without an equals sign, is considered to be an empty string (""), isset() returns true for it, and it is considered empty, but not false or null. Seems obvious after the first test, but I just had to make sure.

Of course, if I do not include it in my browser query, the script returns
a is null
1 month ago
If you want $_GET to read a queryParam as an array, you need to suffix your key with '[]', otherwise it will be read as a regular variable:

if url: ...?myarray=val1&myarray=val2&myarray=val3
then $_GET: array( 'myarray' => 'val3' );

if url: ...?myarray[]=val1&myarray[]=val2&myarray[]=val3
then $_GET: array( 'myarray' => array('val1', 'val2', 'val3') );
php at securetech dot com dot au
8 months ago
When using $_GET, please consider the security implications of this, as an attacker can post whatever they want, which gets included into your code, unless you are careful and sanitize it and check for VALID values, don't just use whatever is returned.

Instead of using this, i would recommend a function, which will return a sanitized version of the $_GET['variable']

I personally have a function _GET($par, $parType = '')

this means i can swap this into the code for $_GET['variable'] such as _GET('variable')

the function then checks if the second (optional) parameter has been checked:
if($parType == '')
    $parType = gettype($par);

next, we need to sanitize the string, to ensure no really bad stuff can happen. Check the type to ensure we filter correct type of data, for example if type is 'email' then:
$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_EMAIL)
case 'int':
$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_NUMBER_INT);

you can read some good security information on OWASP, but it isn't targetted to PHP.
timberspine _AT_ gmail _DOT_ com
12 years ago
Note that named anchors are not part of the query string and are never submitted by the browser to the server.


echo $_GET['title'];

// returns "apocalypse.php" and NOT "apocalypse.php#doom"

you would be better off treating the named anchor as another query string variable like so:

...and then retrieve it using something like this:
$url = $_GET['title']."#".$_GET['na'];

Hope this helps someone...
chris at bjelleklang dot org
9 years ago
Please note that PHP setups with the suhosin patch installed will have a default limit of 512 characters for get parameters. Although bad practice, most browsers (including IE) supports URLs up to around 2000 characters, while Apache has a default of 8000.

To add support for long parameters with suhosin, add
suhosin.get.max_value_length = <limit> in php.ini
2 years ago
The variable name $_GET is a bit misleading. It works with any HTTP request method that has a query component in the URI: GET, POST, PUT, PATCH, DELETE. A better name would be $_QUERY, similar to http_build_query and PHP_URL_QUERY in parse_url.
To Top