Summary: Access http variables in the page, such as Get variables, Post data, and Cookies.
Version: 2017-08-17
Status: Feature Complete
Maintainer: MartinFick (minor updates: Peter Bowers)
License: FreeBSD
Categories: PageVariables PHP55
Discussion: HttpVariables-Talk

Questions answered by this recipe

How can I insert GET, POST, COOKIE or SESSION values into my pages and how can I set or unset cookies and session variables?

How can I customize a user's site viewing preferences?

How can I pass a value between pages without using a page text variable?

How can I tell from which page the user came?


Put httpvariables.phpΔ in your cookbook/directory.

Add the following line to local/config.php


Use the following markup extensions to access GET, POST, REQUEST, COOKIE and SESSION variable values:

  {$?get_var}      - GET variables are added to URLs (http://yoursite/page?foo=bar)
  {$|post_var}     - POST variables are submitted by forms (action=POST)
  {$@cookie_var}   - Set/unset cookies with the cookie directive (see below)
  {$~session_var}  - Set/unset session variables with the session directive (see below)
  {$!request_var}  - GET, POST, COOKIE or SESSION (might not be reliable - see below)
  {$^request_var}  - Use GET, COOKIE or SESSION variable, in that order
  1. {$!request_var} may produce different results under different php.ini configurations.
  2. {$^request_var} should produce the same result in all php configurations.
  3. The session_var uses a tilde (~), not a hyphen.

Use this directive to set/unset cookies:

  (:cookie foo bar [options]:)  - set cookie foo to bar
  (:cookie foo:)                - unset cookie foo

options are any of the following (more option info):

  name=<cookie>         - to set a name that would be interpreted as an option
  value=<value>         - to set a value that would be interpreted as an option
  expires=<time>        - set the expiry time (any valid strtotime format)
  httponly[=true|false] - only works with php 5.2 or above

Use this directive to set/unset session variables:

  (:session foo bar:)   - set session variable foo to bar
  (:session foo:)       - unset session variable foo


GET variables are variables that appear after the ? in URLS. They are often used to alter queries or the way that a page looks. They are convenient because they can be added to a link and therefor do not require a form. Naturally this convenience means that GET variables should never be used to affect things permanently (i.e save/delete a document), especially since a crawler is likely to 'click' on every link on your site!

GET Example: you may link to the current page while assigning Bar to the GET variable Foo like this:


You may then embed the value of Foo your wiki page with {$?Foo}.

POST variables on the other hand may to be used to permanently modify or 'post' things to a web site. They are normally associated with forms but javascript can also post data to a website. While forms that modify things can use POST, if a form simply performs a search it should be OK to use the GET method in the form instead.

POST example: you can create a form in pmwiki with a text field named Username and use the POST method like this:

   (:input form method=post:)
   (:input text name=Username:) 

You may then embed the username in your wiki page with {$|Username}

COOKIES are variables that maintain state on the client (browser) side and can be used to create a form of session. Every time a user loads a page from the same place he got a cookie, the cookie is sent back to the server. This allows a web site to keep track of information about a user. While this can be evil, it can also allow a user to customize the way he interacts with a web site.

SESSIONS are similar to cookies but some of the burden of managing session data is transfered to the server side. But sessions do not exist on their own, for sessions to work they need to have at least as small key that is managed on the client side. This is usually done with a cookie, but could also be done by appending GET variables to every link. PHP can manage sessions transparently.

REQUEST variables are an all inclusive PHP specific way of referring to variables provide by any of the four methods mentioned above. You can use them if you don't care how the information you seek was submitted. Note: For php5, and Apache 2 at least on MACOSX the REQUEST variables are only POST and GET, and not Cookies or Sessions. This recipe does set and retrieve these variables though. (VG- 2011-01-09)


  • This recipe could be used to implement an alternative form of DynamicWikiTrails.
  • I'm not sure how, but I imagine that conceptually there are security concerns with this idea.


Live example

You can see (and edit) a live example of this recipe here.

Using Get to divide a long page into separate parts to read:

(:if !equal {$?partToRead} "part2":)
 This is part 1 of what could be a long page.

 [[{$FullName}?partToRead=part2|View part 2...]]

(:if equal {$?partToRead} "part2":)
  You just clicked on part 2 and so are seeing another section of the page.

 [[{$FullName}?partToRead=part1|Back to part 1...]]

Using Get to pass a value from one page to another:

In the above example a page passed a value to itself. You can also pass values across pages:

If MyPage has three links:
[[Called?passedvalue=A|Let's pass "A".]]
[[Called?passedvalue=B|Let's pass "B".]]

And the Called page has this markup:
(:if equal "{$?passedvalue}" "":)
No value passed

The Called page will display "A", "B", or "No value passed", depending on which link the user clicked on MyPage.

An example of how to use this: a page can pass its own name as {*$FullName}, so the target page knows who called it.

Release Notes

2017-08-17 Said Achmiz

  • Minor bug fix in HttpVariables function (to correctly capture variables that are set to 0 or false, etc.).


  • Added {$^request_var} option to avoid reliance on php version


  • Added FreeBSD license info

2014-11-30 (HansB)

  • added Markup_e() definitions for PHP5.5 compatibility

2010-06-28 (Peter Bowers)

  • Changed to respect $Charset in the final htmlentities() call. Helps for pages with UTF-8 needing to pass info via the URL. (Requested by RandyB)

2010-02-05 (Peter Bowers)

  • Fixed incorrectly named rules to improve rule handling.
  • Added RecipeInfo line so recipe checks will work.

Version 1.3 - 2008-03-20

  • Added complete cookie parameter support
  • Made all assignments (cookies & sessions) occur after conditionals
  • Made httpvariable substitutions occur before and after pagevariable substitutions

Version 1.2 - 2008-02-15

  • Removed the extra slashes added by php on quoted material.

Version 1.1 - 2006-07-02

  • Added SESSION variables. Changed the clearing order of cookies.

Version 1.0 - 2006-06-06

  • Initial release

See Also



See discussion at HttpVariables-Talk

User notes +4 -1: If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.