$_request

[coolphpdude]

hi,

 

I was told to use $_request instead of $_post or $_get. can somebody explain in plain english what $-request does and is it better/more efficient, etc... than the others.

 

Thanks

 

Pete

[Garethp]

$_REQUEST gets BOTH POST and GET. It means that you don't have to worry about whether the information is coming in through POST or GET

[cbolson]

$_REQUEST is actually a bit more complicated than that as it also returns variables sent by the browser.

 

Whilst it is true that you can *normally* use it to access $_GET and $_POST values, some servers have this desactivated so you shouldn't rely on it.

Also, as $_POST and $_GET are different, theoretically both of them could be passed to the page which might result in confusing results (I can't remember right now which one takes priority).

 

Anyway, more info can be found here: http://us2.php.net/manual/en/reserved.variables.request.php

 

Chris

[DEVILofDARKNESS]

I personaly use or $_POST or $_GET (or both) but not $_request.

[MatthewJ]

I'll have to say I have not ever run into a server that does not support $_REQUEST...

 

Though there might be some exceptions, I have to agree with garethp on this one... it is just superglobal that contains $_GET, $_POST, and $_COOKIE if you don't duplicate variable names, you'll be fine but I wouldn't call it "better"

[DEVILofDARKNESS]

I don't use it because I know I sometimes use duplicate names, but it's more something you prefer or you don't prefer.  We can't say You have to use that because ... and not that because ....

[PFMaBiSmAd]

Since $_REQUEST combines post/get/cookie, it has two problems and should not be used -

 

1) If you happen to add a post/get/cookie with the same name as an existing post/get/cookie, your code won't work as expected, so you must spend more time keeping track of which post/get/cookie you have used so that you don't duplicate any names. In larger projects and in projects that are divided between multiple programmers, $_REQUEST would never be considered. And don't forget that when you look at your code a month from now or a year from now and you have forgotten exactly where the $_REQUEST variable is coming from and you must change or add something, do you really want to spend the extra time figuring out what any $_REQUEST variable actual means or you do want to use the actual $_POST/$_GET/$_COOKIE so that just looking at the code will tell you where it is coming from?

 

2) Since you cannot tell where a $_REQUEST variable actually comes from you loose a level of automatic validation against hackers trying to break into your script. You might be expecting a $_COOKIE or $_POST variable in your code, but a hacker can just sit there changing a $_GET variable on the end of the URL to send different cookie/post values to your script in order to try to break in. Why make it EASIER for a hacker? By using the exact $_POST/$_GET/$_COOKIE that your code is expecting, you get a free level of automatic built-in validation that the data is coming where you expect it to be coming from.

 

In those rare cases where a value your script expects might come from a same name $_POST variable one time and a $_GET variable a different time, why not just put in the necessary code to test for, validate which one they came from, and combine them yourself.

 

$_REQUEST was one of several things put into php in its' early days to make writing code 'easier'. However, every one of the lazy-way short-cuts have turned out to cause more problems, like making code less secure and wasting time troubleshooting when code and data does not work, then they ever saved in typing time while the code was being written.

[PFMaBiSmAd]

LOL, since typing $_REQUEST (9 characters) is more than $_POST (6 char), $_GET (5 char), or $_COOKIE (8 char), using $_REQUEST to reference values that always come from the same source is actually more typing. The most common usage of $_REQUEST actually wastes the programmer's time.