Don't forget, because $_REQUEST is a different variable than $_GET and $_POST, it is treated as such in PHP -- modifying $_GET or $_POST elements at runtime will not affect the ellements in $_REQUEST, nor vice versa.
e.g:
<?php
$_GET['foo'] = 'a';
$_POST['bar'] = 'b';
var_dump($_GET); // Element 'foo' is string(1) "a"
var_dump($_POST); // Element 'bar' is string(1) "b"
var_dump($_REQUEST); // Does not contain elements 'foo' or 'bar'
?>
If you want to evaluate $_GET and $_POST variables by a single token without including $_COOKIE in the mix, use $_SERVER['REQUEST_METHOD'] to identify the method used and set up a switch block accordingly, e.g:
<?php
switch($_SERVER['REQUEST_METHOD'])
{
case 'GET': $the_request = &$_GET; break;
case 'POST': $the_request = &$_POST; break;
.
. // Etc.
.
default:
}
?>
$_REQUEST
(PHP 4 >= 4.1.0, PHP 5, PHP 7, PHP 8)
$_REQUEST — Variables de requête HTTP
Description
Un tableau associatif qui contient par défaut le contenu des variables $_GET, $_POST et $_COOKIE.
Notes
Note:
Ceci est une 'superglobale', ou variable globale automatique. Cela signifie simplement que cette variable est disponible dans tous les contextes du script. Il n'est pas nécessaire de faire global $variable; pour y accéder dans les fonctions ou les méthodes.
Note:
En ligne de commande, cette variable n'inclut pas les variables argv et argc : elles sont stockées dans le tableau $_SERVER.
Note:
Les variables contenues dans $_REQUEST sont fournies au script via les mécanismes d'entrée GET, POST, et COOKIE et donc, peuvent être modifiées par l'utilisateur final ; aussi, vous ne pouvez faire confiance à leur contenu. La présence ainsi que l'ordre de ces variables dans ce tableau sont définis suivant les directives de configuration PHP request_order, et variables_order.
add a note
User Contributed Notes 5 notes
strata_ranger at hotmail dot com ¶
16 years ago
mike o. ¶
14 years ago
The default php.ini on your system as of in PHP 5.3.0 may exclude cookies from $_REQUEST. The request_order ini directive specifies what goes in the $_REQUEST array; if that does not exist, then the variables_order directive does. Your distribution's php.ini may exclude cookies by default, so beware.
codeblog.pro ¶
4 years ago
In PHP version 7.0 with the default settings.+, $_REQUEST array does not contain cookies.
Luke Madhanga ¶
8 years ago
To access $_POST, $_GET, etc, use the function filter_input(TYPE, varname, filter) to ensure that your data is clean.
Also, I was brought up to believe that modifying superglobals is a BAD idea. I stand by this belief and would recommend you do too
Filomena ¶
4 years ago
Warning:
The way $_REQUEST is populated by default can lead to strange bugs because of the unfortunate default setting of the configuration directive 'variables_order'.
Example: In an e-shop you want to display prices based on user preference. User can either switch the currency or the previous selection is used. By defaut, the following code WILL NOT WORK as expected:
<?php
if ($_REQUEST['currency']) # change currency on user request
{
$currency = $_REQUEST['currency']; # use it
setcookie('currency', $_REQUEST['currency'], 0, 'eshop.php'); # store it
}
else # use default currency
{
$currency = 'USD';
}
# display shop contents with user selected currency
echo 'All prices are shown in ', $currency;
# let the user switch currency
echo '<a href="eshop.php?currency=USD">Switch to USD</a>';
echo '<a href="eshop.php?currency=EUR">Switch to EUR</a>';
?>
Regardless of the user choice, the cookie value is used, so unless you change the default 'request_order' or 'variables_order' the $_REQUEST[something] variable is stuck with the cookie value forever regardless of the user 'REQUEST'.
Fix 1:
<?php
ini_set('request_order', 'CGP'); # use previous value (stored in cookie) or new value upon user request
.
.
.
?>
Fix 2:
Be very careful and patient and go with $_GET, $_POST and $_COOKIE instead of the convenient $_REQUEST. Good luck.
