What is the purpose of $ _REQUEST? [duplicate]

1

According to the PHP Manual:

  

The $_REQUEST variable is an associative array that by default contains information from $ _GET, $ _POST, and $ _COOKIE.

So, this variable is a kind of blend.

What is the purpose of getting as much data from the POST request as GET and the like?

    
asked by anonymous 19.11.2015 / 16:18

2 answers

2

The superglobal $_REQUEST gathers all the values present in the superglobals $_GET , $_POST and $_COOKIE into a single associative array.

If there are one or more values present in more than one superglobal, they are populated in $_REQUEST according to the directive request_order :

  

This directive describes the order in which PHP registers GET, POST and Cookie variables into the _REQUEST array. Registration is done from left to right, newer values override older values.   If this directive is not set, variables_order is used for $ _REQUEST contents.   Note that the default distribution php.ini files does not contain the 'C' for cookies, due to security concerns.

The value of the variables_order directive by default is GC , that is, the values of $_GET and then the values of $_POST are first taken into account to fill in the values of $_REQUEST.

    
19.11.2015 / 16:29
1

The $_REQUEST is the generic type of $_GET, $_POST,$_COOKIE for it both if your data is coming via $ _GET or $ _POST it rescues both, its use is little recommended.

Why is your usage not recommended?

The biggest reason is security, suppose you have a form on the pagina1.php page that will be sent to pagina2.php .

If you use $ _ REQUEST data can be passed directly through querys string, then your application will be subject to attacks.

See the note in the PHP manual:

  

Variables in $ _REQUEST are provided for the script via GET, POST, and COOKIE input mechanisms and could be   modified by a remote user and can not be trusted. THE   the presence and order of the variables listed in this array is defined   according to the PHP configuration directive variables_order.

So, if it does not matter if your data is sent via get or post, use $_REQUEST otherwise forget it.

References: $ _GET, $ _POST, $ _REQUEST where, when and how

    
19.11.2015 / 16:26