A community in which webmasters can ask for help with topics such as PHP coding , MySQL , IT jobs, web design, IT security.
Current location:homephp forumphp talk in 2008 yearWhy should I use $_GET and $_POST instead of $_REQUEST? [duplicate] - page 1
User InfoPosts
Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#1
This question already has an answer here:


What's wrong with using $_REQUEST[]?

14 answers




Besides the fact that $_REQUEST reads from cookies, are there any reasons why I should use $_GET and $_POST instead of $_REQUEST? What are theoretical and practical reasons for doing so?

posted date: 2008-12-15 05:16:00


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#2
I had made out the solution of this problem. click to view my topic...

hope that hepls.

posted date: 2008-12-15 05:16:01


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#3
The usage of $_REQUEST opens some attack vectors to your application where variables could be overwritten where you wouldn't want it to happen.Also consider the order GPC (Get, Post, Cookie) on which the $_REQUEST will get filled.i.e. a request with:$_GET['foo'] = 'bar'$_POST['foo'] = 'baz'will result in$_REQUEST['foo'] == 'bar'

posted date: 2008-12-15 05:20:00


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#4
Note that you can change what order the Request variable is populated in, if you control php.ini

posted date: 2008-12-15 05:24:00


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#5
Excellent answer! I hope to see more of these.

posted date: 2008-12-15 05:54:00


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#6
the often-mentioned insecurity of $_REQUEST is bogus. all these are ways to get data from the user, which has a non-secured machine. you always have to sanitise the input, so there's no real security advantage from using either one.it's only significant if you have different uses for values with the same name on different channels. in that case, you should rename some of them anyway.

posted date: 2008-12-15 05:56:00


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#7
Besides the fact that $_REQUEST reads from cookiesBesides the fact that this is undefined (It's configurable on a per-installation level), the problem using $_REQUEST is that it over-simplifies things. There is (or should be) a semantic difference between a GET request and a POST request. Thus it should matter to your application if you get input from one source or the other. This is how the HTTP protocol is defined, so by ignoring it, you are undermining the protocol, which makes your application less interoperable. It's the same type argument that can be made for using semantic HTML markup, rather than presentation-oriented markup. Or more generally, following the intentions of a protocol rather than just doing whatever works in the concrete situation.

posted date: 2008-12-15 06:08:00


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#8
Here's one I've just found: http://www.momige.com/107683/when-and-why-should-request-be-used-instead-of-get-post-cookie. I'm sorry I didn't find it sooner, so I wouldn't have asked the question...

posted date: 2008-12-15 07:31:00


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#9
I use $_REQUEST when I just want certain data from the user to return certain data.Never use $_REQUEST when the request will have side effects. Requests that produce side effects should be POST (for semantic reasons, and also because of basic CSRF stuff, a false img tag can hit any GET endpoint without a user even knowing).$_GET should be used when GETing or POSTing to a page will produce different results.

posted date: 2008-12-15 07:44:00


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#10
Very true, people want to scream that request is some big security hole, but even GET and POST are equally insecure, it's easy to interject naughty bits into them, you need to always sanitize all data, even the stuff that comes from your database.

posted date: 2008-12-15 09:00:00


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#11
Congratulations, you just got your first accepted answer :) Welcome to www.momige.com!

posted date: 2008-12-16 03:06:00


Re: Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]#12
HTTP GET is semantically meant to be used to fetch a page, while POST can be argued that when used, you'd expect that some kind of state is changed.For example, there's an expectation that using GET with the same parameters multiple times yield the same results, while using POST, they may not.Not using POST when you should yield to problems. I think the Ruby on Rails AJAX libraries used GET instead of POST, and lead to a lot of data being lost when being touched upon by web spiders.Hence, you should probably avoid using $_REQUEST. You should know the purposes of what the page does, and decide on how to answer a GET request, and how to answer a POST request.

posted date: 2008-12-16 14:50:00


select page: « 1 2 »
Copyright ©2008-2017 www.momige.com, all rights reserved.