  1. #1

    $_REQUEST or $_POST

    Hello,

    I made many sites with $_POST, but recently I heard that $_REQUEST is much safer to use (I don't know, tbh).

    Do some of you know what is better? And why?

    Thanks,
    Wanna

  • #2
    $_REQUEST contains: $_COOKIE, $_GET, and $_POST variables

    If you use $_REQUEST you have no guarantee that the data came from the post data, which leads to security holes in your script.

    Also, if there is a $_GET['var'] = 'foo'; and $_POST['var'] = 'something else'; then $_REQUEST['var'] would be the last one set (I think, not 100% positive).

    Basically... never use $_REQUEST, use $_POST for post method forms, $_GET for query string and get method forms, and $_COOKIE to handle cookies.

  • Users who have thanked myfayt for this post:

    Wanna (09-20-2011)

  • #3
    Thanks for the fast reply.

    I already thought something like that. (That the variable will be overwritten)

  • #4
    Quote (originally posted by myfayt):
    "$_REQUEST contains: $_COOKIE, $_GET, and $_POST variables"
    From PHP 5, $_COOKIE was dropped. It now contains just $_GET and $_POST.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #5
    Super Moderator Inigoesdr
    Quote (originally posted by tangoforce):
    "From PHP 5, $_COOKIE was dropped. It now contains just $_GET and $_POST."
    I don't think that's accurate. Do you have a reference for this?

  • #6
    It's also worth considering: the only reason to use $_REQUEST is when you don't know where your information will be coming from, and if you don't know where your data is coming from, you should rethink your design.

  • #7
    Quote (originally posted by Inigoesdr):
    "I don't think that's accurate. Do you have a reference for this?"
    According to PHP documentation, it still contains _COOKIE.

  • #8
    When I look at the PHP site:
    http://php.net/manual/en/reserved.variables.request.php

    It still says $_COOKIE is included.

  • #9
    I seem to remember being told over at sitepoint that $_COOKIE had been dropped as of v5 / v5.3.

    Perhaps someone has got this wrong then. Doesn't really worry me as I've never used $_REQUEST - I always use $_HTTP = $_GET + $_POST

    EDIT:
    Found something which rang a bell:
    http://www.php.net/manual/en/ini.cor....request-order
    "This directive describes the order in which PHP registers GET, POST and Cookie variables into the _REQUEST array. Registration is done from left to right, newer values override older values.

    If this directive is not set, variables_order is used for $_REQUEST contents.

    Note that the default distribution php.ini files does not contain the 'C' for cookies, due to security concerns."
    I knew I'd read about this at more than one place. I've also just done a var_dump($_REQUEST) on my system and it never displayed any PHP session cookie.
    Last edited by tangoforce; 09-20-2011 at 03:09 PM.

  • #10
    God Emperor Fou-Lu
    As mentioned, $_REQUEST MAY still contain cookies if C is specified in request_order. That is new as of 5.3.0 if I'm not mistaken.

    Generally speaking, request should always be avoided. It's better to know where something has come from than to assume that it's from one or the other. In the event it can come from either, I'd still check _GET first, then _POST. This is specifically because the order can be modified and I do not want to rely on _POST overriding _GET when provided by the system.
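
Added example (not code from any poster in this thread): a small PHP model of the request_order rule quoted in post #9 and the "order can be modified" concern in post #10, showing one key resolving to different values as the order string changes, next to a read from an explicit source. build_request() and post_string() are hypothetical helpers, and the three arrays are constructed sample data standing in for $_GET, $_POST and $_COOKIE.

```php
<?php
// Model of how $_REQUEST is assembled from request_order.
// Hypothetical helper, written for this example only.
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged  = [];
    // Registration is left to right; a later source overrides an earlier one.
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys as-is, so numeric keys are overridden too.
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Hypothetical helper: read one field from the POST body only.
function post_string(array $post, string $key): ?string
{
    // Accept a plain string; reject missing keys and array input (key[]=x).
    return (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : null;
}

// Constructed sample input: the same key arrives through three channels.
$get    = ['action' => 'view'];
$post   = ['action' => 'delete', 'id' => '42'];
$cookie = ['action' => 'export'];

// The handler's view of 'action' depends on server configuration,
// not on what the form actually submitted.
foreach (['GP', 'PG', 'GPC'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("request_order=%-3s action=%s\n", $order, $request['action']);
}

// Reading from the named source gives the same answer under every setting.
printf("explicit POST    action=%s\n", post_string($post, 'action'));

// A field that is absent from the POST body is reported as missing,
// even when a same-named query-string or cookie value exists.
var_dump(post_string(['id' => '42'], 'action'));
```

To see which order a given server actually uses, check ini_get('request_order') and, when that is empty, ini_get('variables_order').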

