What's wrong with using $_REQUEST[]?
There's absolutely nothing wrong with taking input from both $_GET
and $_POST
in a combined way. In fact that's what you almost always want to do:
for a plain idempotent request usually submitted via GET, there's the possibility the amount of data you want won't fit in a URL so it has be mutated to a POST request instead as a practical matter.
for a request that has a real effect, you have to check that it's submitted by the POST method. But the way to do that is to check
$_SERVER['REQUEST_METHOD']
explicitly, not rely on$_POST
being empty for a GET. And anyway if the method isPOST
, you still might want to take some query parameters out of the URL.
No, the problem with $_REQUEST
is nothing to do with conflating GET and POST parameters. It's that it also, by default, includes $_COOKIE
. And cookies really aren't like form submission parameters at all: you almost never want to treat them as the same thing.
If you accidentally get a cookie set on your site with the same name as one of your form parameters, then the forms that rely on that parameter will mysteriously stop working properly due to cookie values overriding the expected parameters. This is very easy to do if you have multiple apps on the same site, and can be very hard to debug when you have just a couple of users with old cookies you don't use any more hanging around and breaking the forms in ways no-one else can reproduce.
You can change this behaviour to the much more sensible GP
(no C
) order with the request_order config in PHP 5.3. Where this is not possible, I personally would avoid $_REQUEST
and, if I needed a combined GET+POST array, create it manually.
Why should I use $_GET and $_POST instead of $_REQUEST?
I use $_REQUEST when I just want certain data from the user to return certain data.
Never use $_REQUEST when the request will have side effects. Requests that produce side effects should be POST (for semantic reasons, and also because of basic CSRF stuff, a false img tag can hit any GET endpoint without a user even knowing).
$_GET should be used when GETing or POSTing to a page will produce different results.
Among $_REQUEST, $_GET and $_POST which one is the fastest?
$_REQUEST
, by default, contains the contents of $_GET
, $_POST
and $_COOKIE
.
But it's only a default, which depends on variables_order
; and not sure you want to work with cookies.
If I had to choose, I would probably not use $_REQUEST
, and I would choose $_GET
or $_POST
-- depending on what my application should do (i.e. one or the other, but not both) : generally speaking :
- You should use
$_GET
when someone is requesting data from your application. - And you should use
$_POST
when someone is pushing (inserting or updating ; or deleting) data to your application.
Either way, there will not be much of a difference about performances : the difference will be negligible, compared to what the rest of your script will do.
What's the difference between $_POST, $_GET, and $_REQUEST?
$_POST is an associative array of variables passed to the current script via the HTTP POST method when using application/x-www-form-urlencoded or multipart/form-data as the HTTP Content-Type in the request.
You can use when you are sending large data to server or if you have sensitive information like passwords, credit card details etc
$_GET is an associative array of variables passed to the current script via the URL parameters. you can use when there is small amount of data, it is mostly used in pagination, page number is shown in the url and you can easily get the page number from URL using $_GET
$_REQUEST is a 'superglobal' or automatic global, variable. This simply means that it is available in all scopes throughout a script. It is an associative array that by default contains the contents of $_GET, $_POST and $_REQUEST (depending on request_order=
)
Using isset($_REQUEST[p]) or $_REQUEST[p]
They have error_reporting
turned down, which is nice because it means you can do things like
if ($_POST['whatever']) { ... }
instead of
if (isset($_POST['whatever'])) { ... }
but it also stops you from seeing other possibly pertinent errors.
this setting is found in the php.ini
file under the variable error_reporting
.
More information on the ini file can be found here: http://php.net/manual/en/ini.php
also, isset($_REQUEST["p"])=="procurar"
while sytactically correct, is never going to return true, because isset()
returns a boolean value.
what you want is isset($_REQUEST['p']) && $_REQUEST['p'] == 'procurar'
$_REQUEST in PHP
$_REQUEST is a super global array. Just like $_GET, $_POST, $_COOKIE, $_SESSION etc. That means it can store a list information numerically or associatively.
For example:
Associative:
$array = array(key->value, key->value);
Numeric:
$array = array([0]->value, [1]->value);
In the case of $_REQUEST or $_POST or $_GET these arrays will store encoded data sent to the PHP header.
for example:
$_REQUEST['key'] = value;
or
you have a navigation item:
<a href='?key=value'>value</a> //for $_GET
PHP will encode that key->value into the url and save it to the super global array that you are using. To access it call:
echo $_REQUEST['key']; //returns 'value'
In your case msg is, so far, not encoded to the browser. It needs to be passed by different means(forms, href's etc.). So,
$_REQUEST['msg'] = 'new';
if(isset($_REQUEST['msg'])){ //use isset() to avoid an error
if($_REQUEST['msg'] == "new"){
$message = "New User has been added successfully";
}else if($_REQUEST['msg'] == 'edit'){
$message = "User has been saved successfully";
}else if($_REQUEST['msg'] == 'update'){
$message = "User(s) has been Updated successfully";
}
} //returns $message = "New user..."
$_REQUEST is not suggested because it makes it hard to control what information is processed. $_GET requests show the key->value pairs in the url. Information that you don't want as visible probably shouldn't be shown there. With $_REQUEST a user can send that key->value pair over the url to see what information needs to be passed and exploit that in other ways (google cross-site request forgeries).
TL;DR : $_REQUEST['msg'] -- 'msg' is a key in a key->value pair ('new'| 'edit' | 'update' being the value)
$_REQUEST is a superglobal array that saves values that can be used by the user in any scope in other parts of the website.
Related Topics
Target Class Controller Does Not Exist - Laravel 8
What Is the Use of the @ Symbol in PHP
How to Remove Duplicate Values from an Array in PHP
Strange Behavior of Foreach When Using Reference: Foreach ($A as &$V) { ... }
Simplest Way to Profile a PHP Script
If Block Inside Echo Statement
How to Encrypt/Decrypt Data in PHP
How to Prevent Browser Cache For PHP Site
PHP Pass by Reference in Foreach
How to Force File Download With PHP
Parse Xml With Namespace Using Simplexml
Pdoexception Sqlstate[Hy000] [2002] No Such File or Directory
Htmlentities() Vs. Htmlspecialchars()
How to Convert an Image to Base64 Encoding
PHP 7.2 Function Create_Function() Is Deprecated
Curl Error 60: Ssl Certificate: Unable to Get Local Issuer Certificate