GPC stands for GET, POST, COOKIE, which are three methods of transferring information between dynamic web pages. All three are very useful in different situations, although Cookies have gotten (undeservedly, IMHO) bad press in the past. Here's a short explanation of each:
  • GET: GET data is passed directly in the URL of the page, i.e.
    http://everything2.com/?node=blah
    This will assign the value "blah" to the variable named "node". The data can be placed in the URL via an HTML Form or simply included in the HREF attribute of an <A> tag. However, because anything passed via GET can be seen and/or modified in the URL, it is not the most secure method and should not be used where sensitive data is being transferred. (Side Note: most if not all HTTP servers will log all GET data in their access logs, which is another concern).
  • POST: POST data is sent in the HTTP header along with the request for the page that it is submitted to. This means it cannot be seen or modified by the user and so is more secure. Also, files can be uploaded via POST, with ENCTYPE="multipart/form-data" in your <FORM> tag, and <INPUT TYPE="FILE"> in your form.
  • COOKIE: COOKIE data is stored in a small file on the user's computer. HOLY INVASION OF PRIVACY, BATMAN! Well, not really. Seeing as you're storing the file, simply delete it, or change your browser settings to refuse all cookies. Some browsers will let you refuse 3rd party cookies (cookies that are set through banner ads/counters/etc) while accepting others.
    Anyway, cookies are incredibly useful, in that they can store login information to automatically log you in to some sites (e.g. this one), and to keep you logged in. Of course, once you are logged in, your session ID could be passed around each page using GET and POST, but that is a little messy.

GPC is also a configuration option in PHP. It determines which kind of data given to a script is more "important". For example, a script is passed GET and POST data, like this:

<FORM METHOD="POST" ACTION="http://server.com/page.php?Variable=Value1">
 <INPUT TYPE="TEXT" NAME="Variable" VALUE="Value2">
 <INPUT TYPE="SUBMIT">
</FORM>
In the above example, the script "page.php" will be receiving the variable Variable twice, once via GET and once via POST. So which value does it set the internal PHP variable, $Variable, to use? Well, it looks at the GPC configuration. GPC is the default order, so first it sets $Variable to the GET value, Value1. Then it overwrites that by setting $Variable to the POST value, Value2. It then checks COOKIE variables, and finding none named "Variable", it leaves $Variable as it is.

You can probably see that this is an important configuration, as allowing (for instance) COOKIE data to be overwritten by GET data (something that can be typed in manually) by setting the order to CPG would have some security implications. Also, setting it to, for example, P, would make PHP ignore all cookies and all GET data, and only accept POST data.

It should be noted that in PHP 4, GPC has become EGPCS, the E being ENV variables, set at operating system (of the web server) level, and S being SERVER variables, set by the web server software.