Does anyone use $_REQUEST?

Forum Moderators: coopster

Message Too Old, No Replies

Does anyone use $_REQUEST?

as opposed to $_GET, $_POST, etc ..

Warboss Alex

7:21 pm on Jan 5, 2005 (gmt 0)

Seriously, I've never used it so far, I've only worked with $_GET, $_POST etc.

Is there any advantage/best practice to using $_REQUEST? I can't think of a time when you'd NOT want to differentiate between $_GET and $_POST for example..

I'm curious, 's all! :)

Alex ...

jamie

7:54 pm on Jan 5, 2005 (gmt 0)

i use it in my admin scripts (cos it's convenient) and also for debugging stuff.

mincklerstraat

8:07 pm on Jan 5, 2005 (gmt 0)

You might want to use $_REQUEST if you've got some one variable on a form that can come in either via $_POST or $_GET - i.e. not such a sensitive one - like, say you have a form for ordering records, on each record review you could have a $_GET request to the form that already contains the record's name (ok, think CD's, I guess I'm old). Your form would then be just half a line of code shorter than checking for both on the CD name.

jatar_k

11:28 pm on Jan 5, 2005 (gmt 0)

don't use it

from
[php.net...]

Variables provided to the script via the GET, POST, and COOKIE input mechanisms, and which therefore cannot be trusted. The presence and order of variable inclusion in this array is defined according to the PHP variables_order configuration directive.

vincevincevince

12:32 am on Jan 6, 2005 (gmt 0)

as mincklerstraat said...

For example, I have a script which changes the currency for 2checkout on the fly. The script accepts POST or GET (i.e. either from a buy now form, or from an emailed link), and then after changing the currency, forwards the buyer to the checkout page at 2co.

Because I want to accept any type of input with those parameter names, and just pass them on, I use $_REQUEST throughout.

On another related point using $_REQUEST is no different really to having register_globals on...

jollymcfats

12:53 am on Jan 6, 2005 (gmt 0)

I use $_REQUEST exclusively. There are almost no instances in which I care if the input came from the query string, POST or both*. I do often check REQUEST_METHOD though.

_{*Login screens being just about the only time.}

coopster

12:51 pm on Jan 6, 2005 (gmt 0)

Another discussion on the topic...

$_REQUEST or $_POST? [webmasterworld.com]

mincklerstraat

8:43 pm on Jan 6, 2005 (gmt 0)

That's a good thread there.

One more note on $_REQUEST - I use it very ocasionally, and then only for the value(s) which might come in from different methods, and if they're in any way important, I check at the time the form is submitted after being frozen (that it's really $_POST). Maybe paranoid-sounding, but security likes mild paranoia.

This way is also nice keeping your ducks in a row when you have to turn back to your own code and try to figure out what it was doing. The difference between seeing all the $_POST variables and those couple of $_REQUEST variables signals immediately what's up, even if the script isn't well-commented. These little hints about 'what's happening' can be so helpful when you need them.

jatar_k

9:51 pm on Jan 6, 2005 (gmt 0)

using a little print_r on $_REQUEST is always educational and sometimes very helpful for input corruption.