“The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
—Tim Berners-Lee, W3C Director and inventor of the World Wide Web
$_REQUEST is a combination of $_POST, $_GET and $_COOKIE. That means if you also have a cookie named 'username' as well as a POST variable the dominant variable will overwrite the recessive one.
I always use "Request". That way I can change the form to get or store form values in cookies.
“The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
—Tim Berners-Lee, W3C Director and inventor of the World Wide Web
To you, which is why you don't do it. To me it sounds like good coding practice which is why I do.
“The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
—Tim Berners-Lee, W3C Director and inventor of the World Wide Web
To me it sounds like good coding practice which is why I do.
Charles, in another thread you were recommending: extract($_REQUEST); These sort of coding practices return us to the days before register globals was disabled by default. Personally I want to keep track of where external variables are coming from rather than allowing users to inject variables into my script from unexpected locations. The chances are this variable will be abandoned in a future version or disabled by default.
By the way why would you need to convert a form between GET and POST; a request is either idempotent or it is not.
Using the Request super-global over the Post super-global does make your script more susceptible to CSRF attacks. Yes POST requests can be emulated via javascript, though GET requests (the inclusion of a supposed image is a great example) are much more common.
I'll own that I erred when I posted that example extracting the $_REQUEST SG. However:
Consider the case of a nice idempotent form, perhaps it does some site navigation or preference setting, and it's a perfect candidate for a GET request. But for what ever reason you prefer to use POST with the form. Perhaps you kinda like the URLs simplified. But you also want, on occasion, to communicate with the form with a link.
And further, let's say you want to save one or more of those features in a cookie and use that value unless overridden by the form.
$_REQUEST is, in those cases, just what the doctor ordered.
“The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
—Tim Berners-Lee, W3C Director and inventor of the World Wide Web
That's not a valid reason to use a POST request although the concept is fair enough.
Originally Posted by Charles
But for what ever reason you prefer to use POST with the form.
Sometimes I do use POST for idempotent requests for the opposite reason. I don't want people to be able to link to my output without having used the form. I have to use $_POST in these cases though otherwise I woudn't know from where the input had arrived.
Exactly. $_REQUEST is just another tool in your chest. Sometimes it's just the right tool for the job and sometimes it's not.
“The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
—Tim Berners-Lee, W3C Director and inventor of the World Wide Web
Reply With Quote
Originally Posted by Charles
Bookmarks