www.webdeveloper.com
Results 1 to 14 of 14

Thread: whats the difference

  1. #1
    Join Date
    Jul 2006
    Posts
    655

    whats the difference

    what's the difference between the two below when you are getting data from a form

    $_POST['username'];

    $_REQUEST['username'];

  2. #2
    Join Date
    Nov 2002
    Location
    Baltimore, Maryland
    Posts
    12,270
    $_POST is just the data sent by the post method from the form. $_REQUEST aggregates get, post and cookie. See http://us2.php.net/manual/en/languag...predefined.php .
    “The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
    —Tim Berners-Lee, W3C Director and inventor of the World Wide Web

  3. #3
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    $_REQUEST is a combination of $_POST, $_GET and $_COOKIE. That means if you also have a cookie named 'username' as well as a POST variable the dominant variable will overwrite the recessive one.

  4. #4
    Join Date
    Jul 2006
    Posts
    655
    K cool, so which one should i use to just get data from a form

  5. #5
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742

  6. #6
    Join Date
    Nov 2002
    Location
    Baltimore, Maryland
    Posts
    12,270
    I always use "Request". That way I can change the form to get or store form values in cookies.
    “The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
    —Tim Berners-Lee, W3C Director and inventor of the World Wide Web

  7. #7
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    Quote Originally Posted by Charles
    I always use "Request". That way I can change the form to get or store form values in cookies.
    Sounds like bad coding practice to me.

  8. #8
    Join Date
    Nov 2002
    Location
    Baltimore, Maryland
    Posts
    12,270
    Quote Originally Posted by bokeh
    Sounds like bad coding practice to me.
    To you, which is why you don't do it. To me it sounds like good coding practice which is why I do.
    “The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
    —Tim Berners-Lee, W3C Director and inventor of the World Wide Web

  9. #9
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    Quote Originally Posted by Charles
    To me it sounds like good coding practice which is why I do.
    Charles, in another thread you were recommending: extract($_REQUEST); These sort of coding practices return us to the days before register globals was disabled by default. Personally I want to keep track of where external variables are coming from rather than allowing users to inject variables into my script from unexpected locations. The chances are this variable will be abandoned in a future version or disabled by default.

    By the way why would you need to convert a form between GET and POST; a request is either idempotent or it is not.

  10. #10
    Join Date
    Feb 2005
    Location
    Tauranga
    Posts
    2,062
    I agree with Bokeh, This is bad coding practice. Using Request is leaving the door open for injection.

  11. #11
    Join Date
    Oct 2005
    Location
    Gold Coast, Australia
    Posts
    2,115
    Using the Request super-global over the Post super-global does make your script more susceptible to CSRF attacks. Yes POST requests can be emulated via javascript, though GET requests (the inclusion of a supposed image is a great example) are much more common.

  12. #12
    Join Date
    Nov 2002
    Location
    Baltimore, Maryland
    Posts
    12,270
    I'll own that I erred when I posted that example extracting the $_REQUEST SG. However:

    Consider the case of a nice idempotent form, perhaps it does some site navigation or preference setting, and it's a perfect candidate for a GET request. But for what ever reason you prefer to use POST with the form. Perhaps you kinda like the URLs simplified. But you also want, on occasion, to communicate with the form with a link.

    And further, let's say you want to save one or more of those features in a cookie and use that value unless overridden by the form.

    $_REQUEST is, in those cases, just what the doctor ordered.
    “The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
    —Tim Berners-Lee, W3C Director and inventor of the World Wide Web

  13. #13
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    Quote Originally Posted by Charles
    Perhaps you kinda like the URLs simplified.
    That's not a valid reason to use a POST request although the concept is fair enough.
    Quote Originally Posted by Charles
    But for what ever reason you prefer to use POST with the form.
    Sometimes I do use POST for idempotent requests for the opposite reason. I don't want people to be able to link to my output without having used the form. I have to use $_POST in these cases though otherwise I woudn't know from where the input had arrived.

  14. #14
    Join Date
    Nov 2002
    Location
    Baltimore, Maryland
    Posts
    12,270
    Exactly. $_REQUEST is just another tool in your chest. Sometimes it's just the right tool for the job and sometimes it's not.
    “The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
    —Tim Berners-Lee, W3C Director and inventor of the World Wide Web

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles