What is the purpose of $_REQUEST?

Question

What is the purpose of $_REQUEST?

Asked 9 years ago

Viewed 865 times

1

According to the PHP Handbook:

The variable $_REQUEST is an associative array that by default contains information of $_GET, $_POST and $_COOKIE.

So these variables are a kind of mixture.

What is the purpose of getting so much data from the request POST as GET and the like?

2 answers

2

The superglobal $_REQUEST brings together all the values present in the superglobals $_GET, $_POST and $_COOKIE in a single associative array.

If there are one or more values present in more than one superglobal, they are filled in $_REQUEST in accordance with Directive request_order:

This Directive describes the order in which PHP Registers GET, POST and Cookie variables into the _REQUEST array. Registration is done from left to right, newer values override Older values. If this Directive is not set, variables_order is used for $_REQUEST Contents. Note that the default Distribution php.ini files does not contain the 'C' for cookies, due to security Concerns.

The value of the directive variables_order by default is GC, that is, the values of $_GET and then the values of $_POST, to fill in the values of $_REQUEST.

If I wanted to take everything, it would be easier to give one array_merge($_POST, $_GET). PHP is a little crazy

– Wallace Maxters

2015/11/19 at 15:30
2

Not necessarily. If your server is configured so that only the superglobal $_REQUEST is available (through Directive variables_order), you couldn’t do that.

– Rodrigo Rigotti

2015/11/19 at 15:33
Then I’d have to be able to access the ini_set or the php.ini. But the idea is valid!

– Wallace Maxters

2015/11/19 at 15:42
2

@Wallacemaxters $_REQUEST = 9 characters, array_merge($_POST, $_GET, $_COOKIE) = 36

– Guilherme Lautert

2015/11/19 at 15:44

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.

by Gabriel Rodrigues • **15,969** points · Answer 1 · 2015-11-19T15:26:11+00:00

The $_REQUEST is the generic type of $_GET, $_POST,$_COOKIE for it doesn’t matter if your data is coming via $_GET or $_POST it rescues both, its use is little recommended.

Why its use is not recommended?

The biggest reason is security, imagine you have a form on the page pagina1.php which will be sent to pagina2.php.

If you use the $_REQUEST data can be passed directly by querys string, so your application will be subject to attacks.

See the note in the PHP manual:

Variables in $_REQUEST are provided for the script via GET, POST, and COOKIE input mechanisms and porting could be modified by a remote user and cannot be trusted. A the presence and order of the variables listed in this array is defined as according to the PHP configuration directive variables_order.

So if it doesn’t matter if your data is sent via get or post use $_REQUEST otherwise forget it.

References : $_GET, $_POST, $_REQUEST where, when, and how