What is the purpose of $_REQUEST?

Asked

Viewed 865 times

1

According to the PHP Handbook:

The variable $_REQUEST is an associative array that by default contains information of $_GET, $_POST and $_COOKIE.

So these variables are a kind of mixture.

What is the purpose of getting so much data from the request POST as GET and the like?

2 answers

2


The superglobal $_REQUEST brings together all the values present in the superglobals $_GET, $_POST and $_COOKIE in a single associative array.

If there are one or more values present in more than one superglobal, they are filled in $_REQUEST in accordance with Directive request_order:

This Directive describes the order in which PHP Registers GET, POST and Cookie variables into the _REQUEST array. Registration is done from left to right, newer values override Older values. If this Directive is not set, variables_order is used for $_REQUEST Contents. Note that the default Distribution php.ini files does not contain the 'C' for cookies, due to security Concerns.

The value of the directive variables_order by default is GC, that is, the values of $_GET and then the values of $_POST, to fill in the values of $_REQUEST.

  • If I wanted to take everything, it would be easier to give one array_merge($_POST, $_GET). PHP is a little crazy

  • 2

    Not necessarily. If your server is configured so that only the superglobal $_REQUEST is available (through Directive variables_order), you couldn’t do that.

  • Then I’d have to be able to access the ini_set or the php.ini. But the idea is valid!

  • 2

    @Wallacemaxters $_REQUEST = 9 characters, array_merge($_POST, $_GET, $_COOKIE) = 36

1

The $_REQUEST is the generic type of $_GET, $_POST,$_COOKIE for it doesn’t matter if your data is coming via $_GET or $_POST it rescues both, its use is little recommended.

Why its use is not recommended?

The biggest reason is security, imagine you have a form on the page pagina1.php which will be sent to pagina2.php.

If you use the $_REQUEST data can be passed directly by querys string, so your application will be subject to attacks.

See the note in the PHP manual:

Variables in $_REQUEST are provided for the script via GET, POST, and COOKIE input mechanisms and porting could be modified by a remote user and cannot be trusted. A the presence and order of the variables listed in this array is defined as according to the PHP configuration directive variables_order.

So if it doesn’t matter if your data is sent via get or post use $_REQUEST otherwise forget it.

References : $_GET, $_POST, $_REQUEST where, when, and how

Browser other questions tagged

You are not signed in. Login or sign up in order to post.