For the environment is no longer true, most multi-threaded webservers don't
have separate environments for every thread (because they can't). You should
only use $_SERVER! The global $_ENV is only safe to use in php-cli, where
you have an defined environment, but not inside webservers. Only apache
currently sets the $_ENV equally to the $_SERVER, but only when used in
prefork mode (not on windows).
from 2008 concurs. Zend and Symphony both seems to be happy to read even
X- custom headers from SERVER without bothering with
apace_request_headers() or anything like that.
I have tried to read some SAPI code and while most of them are a bit obscure,
to the best of my understanding at least nsapi.c copies every request header
(ok, there are very few exceptions, but certainly doesnt care about custom
Thanks for pointing that out. Yes, I wrote that NSAPI code and the main idea
was to reflect the HTTP_ server/env variables as Apache / CGI spec does. I
know many other SAPIs don't take care and they are broken for lots of
applications because of this. Insufficient knowledge on the APIs of those
SAPIs prevented me from fixing it there, too. Apache SAPIs are safe, because
they don't take care what variables to register, because they take what
Apache itself uses as request variables (so it simply clones the Apache
request environment). And those variables are the ones that everybody
expect. To mimic Apache's behavior (which is also defined in CGI/1.1 spec,
but "optional" only), I programmed the converter in the NSAPI SAPI that
takes all request headers and transform them to CGI variables. It should
also handle "X-" headers correctly (transformed to "HTTP_X_").
So... is this official enough that I can amend the
and the function.apache-request-headers.php pages stating that every HTTP
header including custom ones can be found In SERVER (with the odd security
Theoretically that should be the case, but it isn't for most older SAPIs,
which are partly unmaintained. Also, only NSAPI and ISAPI (as far as I know)
mimic apache_request_headers, this is not part of SAPI spec. The function is
not available in every SAPI.