jim.shamlin.com

Environment Variables

These are the names of environment variables commonly accessible to Perl. Al of these variables depend on either the server or the client (the latter as interpreted by the server), so they may not be available on all systems and their exact return values may vary.

In general, these should be used for development purposes only and should not be exposed to the user. In some instances, the output reveals information that could be misused.


CONTENT_LENGTH

Data passed in the headers to the server, most often when a POST method is used to retrieve a resource.


DOCUMENT_ROOT

Echoes the document root of the current site as set in the httpd.config file.

WARNING: Exposing the full server path to the user is unwise.


GATEWAY_INTERFACE

Indicates the gateway version, typically CGI/1.1


HTTP_ACCEPT

These indicate the content types the client will accept. This varies according to the client software, and can be useful to discover (or eliminate) a potential cause of client-side problems.


HTTP_ACCEPT_ENCODING

These indicate the MIME types the client will accept. This varies according to the client software, and can be useful to discover (or eliminate) a potential cause of client-side problems.


HTTP_ACCEPT_LANGUAGE

Indicates the language expected by the client software. In theory, this can be useful for developing a site that will detect users' language preferences (as set in their software preferences) and return text in the proper language. In practice, it's generally better to use a default language and provide links to alternate language versions.


HTTP_CACHE_CONTROL

An indication to the client or a proxy how long to keep the resource in cache. A value of max-age=0 indicates the resource should not be cached at all. However, the client software will decide whether to accept or disregard the value specified by the server.


HTTP_CONNECTION

The type of connection. I haven't used this, and have never never seen anything other than keep-alive.


HTTP_COOKIE

The content of a client-side "cookie" pertaining to the present server.


HTTP_HOST

The name of the host from which the request was made. It is usually the address of the current server's document root, but that may be different if any redirection occurred.

I've found this useful in writing portable code for multiple servers (no need to set a configuration variable if you use this.)


HTTP_MODIFIED_SINCE

Indicates the date on which the requested resource was last modified. Note that if you upload a file without changing it, this will reflect the upload date.


HTTP_REFERER

The address (full URL and protocol) of a site or resource that linked to the current script, provided it is passed. The typo ("referer" instead of "referrer" is not mine - it's actually coded that way in the protocol.


HTTP_USER_AGENT

The user-agent string passed from the client, useful in browser detection.


HTTPS

An indication of whether "Secure" protocol is being used. Echoes "on" if so. I've only used this to confirm a secure connection when passing highly sensitive data (to prevent it from being sent via an unencrypted channel).


PATH

The system path for the server software. I've never found it useful.

WARNING: Exposing the location of the server software to the user is unwise.


QUERY_STRING

The value of the query string, most often seen when a GET method is used to execute a CGI script.


REMOTE_ADDR

The IP address of the user or proxy. This can be useful to permit or deny access to users based on their IP address.


REMOTE_HOST

The host name of the user or proxy. This is not quite as useful as the REMOTE_ADDR because it depends on the server to resolve the remote host's name based (which it may not do).


REMOTE_PORT

The port to which data should be returned to the user or proxy.


REMOTE_USER

If the user has logged in using HTTP authentication, this value will contain their username (for every request placed).


REQUEST_METHOD

The HTTP request method for retrieving the resource - most often GET or POST


REQUEST_URI

The path to the current resource from the document root.


SCRIPT_FILENAME

The path to the current resource from the server root.

WARNING: Exposing the full path information to the user is unwise.


SCRIPT_NAME

The path to the current resource from the document root - same as the REQUEST_URI unless redirection has occurred


SERVER_ADDR

The server's IP address, which may be useful if a server is multi-homed and/or a script is meant to be installed on multiple sites.


SERVER_ADMIN

The e-mail address of the server administrator as specified in the httpd.conf file.

WARNING: It is unwise to expose this to users on a public server, as spammers feed on it. In fact, it's a good idea to change the address in the httpd.conf file to something bogus.


SERVER_NAME

The domain name under which the request was placed. Useful when a server is multi-homed and a script is accessible under multiple names.


SERVER_PORT

The port through which the server received the request. Useful in to discover (or eliminate) a potential cause of client-side problems.


SERVER_PROTOCOL

The protocol version the server expects, typically HTTP/1.1


SERVER_SIGNATURE

Usage of this variable varies widely. In some instances, it is a digital signature; in others, it is simply text or HTML clode identified as a "signature" for the server.


SERVER_SOFTWARE

The name and version of the server software.

WARNING: It is unwise to reveal this information to users.


USER

The username under which the script is executed. This is most often the username for the account, so do not show it to the user.

WARNING: It is very unwise to reveal this information to users, as this often corresponds to the username that's used to log into the server.

TODO

And finally

This is online for my own use and reference, but feel to snag it if you think it would be useful. It's a trifle and I don't expect to be credited or compensated in any way ... but nor does it come with any sort of guarantee.