So, I've been coding for a little (2 years), and I have a very subjective question:

Is it wrong to use $_REQUEST for Data?

This mainly pertains to authentication by the way.

If you think about the 3 ways data can occur in $_REQUEST, it can come from either a cookie, a form, or a query string. Now, I know that most people directly grab the information from either $_POST or $_GET, using $_COOKIE only when they are expecting a cookie.

My theory is that in reality, there shouldn't be any difference in this data, and it shouldn't make any difference if you replaced $_POST or $_GET with $_REQUEST.

If you are authenticating a user into the system, does it really mattered if the authentication details are contained in the $_POST or $_GET array? Heck, it probably shouldn't matter if they are in $_COOKIE either. They are still giving you credentials to log into the site, which you should check for correctness, and if so log them in.

Now, I do realize there are security issues if you try to have a login form that submits data via a query string, but I don't believe that pertains to the question. Also, if someone fails a login too many times, there should be proper limits set in place to avoid overloading the server.

I'd like to here the opinion about this.

Community Wiki'd for good measure.


Oh, and just by the way, here are other StackOverflow questions that relate if you have other questions about $_REQUEST

http://stackoverflow.com/questions/368329/php-using-get-post-instead-of-request http://stackoverflow.com/questions/107683/when-and-why-should-request-be-used-instead-of-get-post-cookie

Comments

stackoverflow.com/questions/368329/…

Written by Galen

Meh ... I think mine is different enough, but close if you'd like.

Written by Chacha102

Accepted Answer

In "good" coding practice, you want to disambiguate as much as possible.

Since $_REQUEST contains the data from $_POST, $_GET, and $_COOKIE by default, the value held by the variable that stores the data retrieved using $_REQUEST will be ambiguous as to which method it came from.

If we are more specific, it will benefit readability of code, as well as understanding of logic, and helps for debugging in the future.

(Let alone the security issues concerning each method, especially the $_GET one)

Written by Sev
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki