Since some of my PHP scripts receive data from a form POST or from a direct link in the URL....I've been using $_REQUEST.
However, my client says the scripts are not populating anything. Yet they do on my end. We both have Firefox 7.01 and Chrome. Both browsers work for me, but he said neither browser will populate data.
He's said he's had some other users try it and some get the data and some do not. The only way I've found to fix it is to change my variable sets from $_REQUEST to either $_GET or $_POST. But then not all my script works.
For example, sometimes the URL passes ID=55&act=reviewapp while a form passes to the same script ID = 55 and act = updateapp
Probably not enough info to come up with a definitive answer. In general, I think you are better served by using the explicit source ($_GET or $_POST or $_COOKIE) as applicable, rather than $_REQUEST. If you do need to use $_REQUEST, be aware that if two or more of those specific sources come in to the page with the same key, which one will show up in $_REQUEST depends on your PHP configuration's setting of the gpc_order directive.
Rather than depending on that setting, you may be better served by checking the sources yourself in the desired order, e.g.:
if you leave form method blank, some browsers may just guess.... hey it's GET, or maybe it's POST. Only reason I can see for it.
Like criterion said, the only real rule of thumb I use is that post is better for submitting large amounts of data, get is better for browsing and retrieving data by id. It's not that hackers are idiots and can't figure out how to xsrf with post or anything, it's just how I generally do things. search engines don't pick up on post data, but they can understand a URL like this:
Sometimes ppl may think that im repetitve or something, but this is the type of thing that made me go for the php code generators, there is some ways to pass parameters using some global variables that is secure and encrypted.
I dont like to lose time on things like this, just to tell you that i use 2 differente types of generators and pass 80% of my development time using then.
If you want an alternative, let me know