problem regarding $_REQUEST

Question

Hello,

I am beginner in PHP and i read in manual that $_REQUEST is a associative array consisting of cookies, get and post arrays. I want to know which takes precedence in request array.

Say, suppose i have a variable user in $_POST as well as $_COOKIE, and if i use echo $_REQUEST['user'] then which would print. I tried it and i get the value set in $_POST. If i want to print value of $_COOKIE what should i use? I know $_COOKIE is there but still using $_REQUEST if i want to print it, then how should i do it?

Thanks in advance :)

Answer 1

from $_REQUEST man page:

The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be modified by the remote user and cannot be trusted. The presence and order of variables listed in this array is defined according to the PHP variables_order configuration directive.

Answer 2

It depends. There is a setting for it called request_order.

Answer 3

You really shouldn't be using $_REQUEST you should instead being the individual GLOBALS

echo $_POST['user'];
echo $_COOKIE['user'];
echo $_GET['user'];

This will add an extra security layer to your app

Answer 4

http://www.php.net/manual/en/ini.core.php#ini.request-order

This directive describes the order in which PHP registers GET, POST and Cookie variables into the $_REQUEST array. Registration is done from left to right, newer values override older values.

If this directive is not set, variables_order is used for $_REQUEST contents.

Note that the default distribution php.ini files does not contain the 'C' for cookies, due to security concerns.

Answer 5

From the PHP manual on $_REQUEST (php.net):

Note: The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be modified by the remote user and cannot be trusted. The presence and order of variables listed in this array is defined according to the PHP variables_order configuration directive.

In fact PHP uses the request_order config value, but falls back on variables_order if empty.

A possible value for request or variables order might look like this: "GPC". This means that first all Get variables are associated, then the Post- and after that the Cookie variables are associated. The order is from left to right, already defined values are overwritten. Except from GET, POST and cookie values, PHP can also associate environment ("E") and server ("S") variables.

You'll find the corresponding manual entries for the PHP config here.

Answer 6

Just do a print_r($_REQUEST) and you will see, that as it's an associative array which can only have one value per key. So if you use the same key on POST, GET and COOKIE, there will only be one value in the array and so you can't get the other values out of the $_REQUEST array. In this case you MUST use the $_COOKIE super global.