PHP $_REQUEST

[lucerias]

I have gone through the information of $_REQUEST of PHP.net but still can't get the idea on $_REQUEST. Can you guys explain it in an understandable way? You may provide example for explanation if necessary. Thank you.

[brendandonhue]

$_REQUEST contains $_GET, $_POST, and $_COOKIE.

[lucerias]

Then what does the following code mean? Thank you

if(isset($_REQUEST['customer_name'])) $xtpl->assign("CUSTOMER_NAME", $_REQUEST['customer_name']);

[btherl]

That means "If customer_name is set as a cookie, or was sent through a GET request, or was sent through a POST request, then use whichever one is set in [code=php:0]$xtpl->assign("CUSTOMER_NAME", whichever one was set)[/code]

$xtpl->assign() looks like it sets a variable for a template.  Does the script use Smarty templates?

[btherl]

To learn a bit more, create the following script phpinfo.php

[code=php:0]<?php phpinfo(); ?>[/code]


Then call it like this:

http://www.domain.com/phpinfo.php?var=value&othervar=othervalue

Then scroll down and see what values are in $_GET and $_REQUEST.

[lucerias]

Yes, it does.

[lucerias]

Sorry, i may ask something which you have already answered me, but i just can't get the whole picture yet. I use var_dump ($_REQUEST) and then run the .php, it shows up the content of the array. I am curious i never defined what to be included and how come the content is there already? Thank you.

[brendandonhue]

The values of $_REQUEST are sent by the user when they request the page.

[lucerias]

For example, if i link from x.php to y.php and then link from y.php to z.php, will the $_REQUEST include all the things that passed from x.php to y.php and to z.php? Thank you.

[brendandonhue]

No, not unless you store them in a cookie.

[lucerias]

The example that i has seen only involves .php and .html form and how does $_REQUEST help in that? Is there any connection between .html form parameter and $_REQUEST coded in .php? Thank you

[btherl]

Yes, there is a VERY close connection between forms and $_REQUEST.

If you use [code=php:0]<form method=get>[/code], then all form variables will be available in $_GET and $_REQUEST when the form is submitted.

If you use [code=php:0]<form method=post>[/code], then all form variables will be available in $_POST and $_REQUEST when the form is submitted.

This is all done for you by PHP.  You don't need to set $_GET, $_POST or $_REQUEST.

Cookies are quite different, and are closely linked to sessions.

For example:

[code=php:0]<form method=post>
<input type=text name='foo' value='bar'>
<input type=submit name=Submit value=Submit>
</form>[/code]


If that form is submitted, then you will find [code=php:0]$_POST['foo'] = 'bar'[/code], and [code=php:0]$_POST['Submit'] = 'Submit'[/code].  You will also find those variables in $_REQUEST.

[lucerias]

brendandonhue, I understand the examples but still can't see the great differences between cookies and non cookies method, because the cookies examples you provided seems similar to the first method.

[brendandonhue]

$_GET and $_POST are only submitted to 1 page when the user submits a form.  Cookies are stored on the user's computer and any page on your site can access them. GET, POST, and Cookies are all stored in $_REQUEST.

[printf]

A good idea is to not use $_REQUEST at all, only use it for internal GLOBAL scope, where values you set are safe variables. Most times you want to control the type of action that is being passed to your script. For a normal visitor you will never have a problem with form data being passed to your script, but for the bad people you have to set some sort of method limit that the script will accept. So if you have a POST form, then you only take data from the POST array. If you have POST and want to accept GET data, like a SID added to the form action then you know to check if it is being passed to your script. Again this is limit type logic, where you expect POST, so only allow POST, or if you expect GET, then only allow GET, if it can be POST or GET, then allow REQUEST, but still setup a restriction based control so you don't overload the variable scope of your script with variables that you don't need or variables that are passed by the user and are not expected.


You as the developer can do anything you want, but remember this, using $_REQUEST is a bad idea, it tells me you don't understand how to add the proper control logic that all scripts should have. Sire $_REQUEST may be easier, but if variable needs to be a COOKIE variable and I pass it as a GET variable you will never know that, if you don't test the $_COOKIE array for that variable. So using $_REQUEST may save you a few if(s), but it's still a bad habit, which means your asking your self the wrong question if you think using it is the answer!

Sonia