The $_REQUEST
is the generic type of $_GET, $_POST,$_COOKIE
for it doesn’t matter if your data is coming via $_GET or $_POST it rescues both, its use is little recommended.
Why its use is not recommended?
The biggest reason is security, imagine you have a form on the page pagina1.php
which will be sent to pagina2.php
.
If you use the $_REQUEST data can be passed directly by querys string, so your application will be subject to attacks.
See the note in the PHP manual:
Variables in $_REQUEST are provided for the script via GET, POST, and COOKIE input mechanisms and porting could be
modified by a remote user and cannot be trusted. A
the presence and order of the variables listed in this array is defined as
according to the PHP configuration directive variables_order.
So if it doesn’t matter if your data is sent via get or post use $_REQUEST
otherwise forget it.
References : $_GET, $_POST, $_REQUEST where, when, and how
If I wanted to take everything, it would be easier to give one
array_merge($_POST, $_GET)
. PHP is a little crazy– Wallace Maxters
Not necessarily. If your server is configured so that only the superglobal
$_REQUEST
is available (through Directivevariables_order
), you couldn’t do that.– Rodrigo Rigotti
Then I’d have to be able to access the
ini_set
or thephp.ini
. But the idea is valid!– Wallace Maxters
@Wallacemaxters
$_REQUEST
= 9 characters,array_merge($_POST, $_GET, $_COOKIE)
= 36– Guilherme Lautert