23 January 2007
What is $_REQUEST, or the difference between $_REQUEST, $_GET and $_POST
PHP provides you a number of “super-global” variables. These include $_GET, $_POST, $_COOKIE, $_SESSION, $_SERVER, $_ENV, $_FILES and $_REQUEST. Most of these are fairly self-explainatory. $_GET are the variables passed by forms with a GET method or after the end of the path such as example.com/search.php?GETARG1=GETVAL1&foo=bar. $_POST is any variable submitted by a form with method POST. $_COOKIE is full of cookies setup by your PHP script. $_FILES is full of any uploaded files submitted through a form with enctype multipart/data and method POST. $_SESSION are variables you have set and committed to the session. $_ENV are environment settings from the operating system. $_SERVER are variables set up by Apache. They’re all fairly self explainatory.
Except $_REQUEST.
$_REQUEST seems sporadic. Sometimes it matches $_POST, sometimes $_GET, sometimes it seems to pick and choose.
Its logic is fairly simple. Request is full of the “unsafe” variables. It will generally contain $_GET, $_POST and $_COOKIE. This is configurable and is documented. In the beginning of execution, $_REQUEST is a clone of $_GET. $_POST is then merged into the array, overwriting keys if they exist in both $_GET and $_POST. Finally, $_COOKIE is merged into the array, again overwriting old values.
$_FILES, though user input, it not included in this array for numerous reasons. For one, PHP has numerous security parameters guarding it already. Any data in $_FILES is complete and usable. It may not be what you’d like, but validation is a separate issue. You might argue that validation is also a separate issue in $_GET, but there, validation is all you will do to it. $_FILES will often be used directly. Likewise, $_FILES only exists under certain circumstances, and further, if corrupt data is submitted, PHP will not use it. Finally, $_FILES has an entirely different data structure than the rest. While a sound argument can be made for inclusion of $_FILES into $_REQUEST, a like argument can be made against it. For now, it’s not included.
It is important to note that $_REQUEST does not hold references to the $_GET, $_POST and $_COOKIE values, nor do they hold references to $_REQUEST. Each is an independent variable. This can be disturbing to programmers, as it is an intentional duplication at the language level. Much of programming centers around eliminating duplication and redundancy in code, and $_REQUEST only adds to it.
To me, its good outweighs its bad. And it is one of the features which make PHP a web language.
I want to know clearly the differences $_REQUEST,$_GET and $_POST supper global variables. Now I am almost new for PHP and reading different materials. Please could you explain the above things with example? I will expect the respon by my email.Thanks in advance