When a script starts, the initial values for global variables come from one of several sources, in order of decreasing precedence:
EXPORTed variables from the URL.
EXPORTed variables from the state table.
GETmethod on a form, or
POSTmethod on a form). These could also be multipart MIME variables from a form upload (p here).
These sources are checked in decreasing order: the first source that has values for a given variable will be used. Only values from this first (highest precedence) source will be used to initialize the global variable. If none of these sources has a value for the variable, it has no initial values.
Because of this ordering, lower-precedence values cannot override
higher ones when more than one source has values for the same
EXPORTed state variable will always have its
state value rather than the value from a form if both are given; the
form value is only used if no state was saved. An environment
$REMOTE_ADDR will be used rather than a URL
variable of the same name. This helps prevent (un)intentional
manipulation of a script's variables by the Web client: more
"trusted" sources are used before less "trusted" ones.
This precedence ordering can be altered in
by using the
USEROK flag (here). When an
EXPORT variable is flagged
USEROK, the URL and Content
sources (i.e. form variables) have highest precedence, before the state