Don't forget, because $_REQUEST is a different variable than $_GET and $_POST, it is treated as such in PHP -- modifying $_GET or $_POST elements at runtime will not affect the ellements in $_REQUEST, nor vice versa.
$_GET['foo'] = 'a';
$_POST['bar'] = 'b';
var_dump($_GET); // Element 'foo' is string(1) "a"
var_dump($_POST); // Element 'bar' is string(1) "b"
var_dump($_REQUEST); // Does not contain elements 'foo' or 'bar'
If you want to evaluate $_GET and $_POST variables by a single token without including $_COOKIE in the mix, use $_SERVER['REQUEST_METHOD'] to identify the method used and set up a switch block accordingly, e.g:
case 'GET': $the_request = &$_GET; break;
case 'POST': $the_request = &$_POST; break;
. // Etc.
(PHP 4 >= 4.1.0, PHP 5)
$_REQUEST — HTTP Request variables
|5.3.0||Introduced request_order. This directive affects the contents of $_REQUEST.|
|4.3.0||$_FILES information was removed from $_REQUEST.|
This is a 'superglobal', or automatic global, variable. This simply means that it is available in all scopes throughout a script. There is no need to do global $variable; to access it within functions or methods.
The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be modified by the remote user and cannot be trusted. The presence and order of variables listed in this array is defined according to the PHP variables_order configuration directive.
The default php.ini on your system as of in PHP 5.3.0 may exclude cookies from $_REQUEST. The request_order ini directive specifies what goes in the $_REQUEST array; if that does not exist, then the variables_order directive does. Your distribution's php.ini may exclude cookies by default, so beware.
I wrote a function because I found it inconvenient if I needed to change a particular parameter (get) while preserving the others. For example, I want to make a hyperlink on a web page with the URL http://www.example.com/script.php?id=1&blah=blah+blah&page=1 and change the value of "page" to 2 without getting rid of the other parameters.
function add_or_change_parameter($parameter, $value)
$params = array();
$output = "?";
$firstRun = true;
foreach($_GET as $key=>$val)
if($key != $parameter)
$output .= "&";
$firstRun = false;
$output .= $key."=".urlencode($val);
$output .= "&";
$output .= $parameter."=".urlencode($value);
Now, I can add a hyperlink to the page (http://www.example.com/script.php?id=1&blah=blah+blah&page=1) like this:
<a href="<?php echo add_or_change_parameter("page", "2"); ?>">Click to go to page 2</a>
The above code will output
<a href="?id=1&blah=blah+blah&page=2">Click to go to page 2</a>
Also, if I was setting "page" to a string rather than just "2", the value would be urlencode()'d.
<a href="<?php echo add_or_change_parameter("page", "banana+split!"); ?>">Click to go to page banana split!</a>
<a href="?id=1&blah=blah+blah&page=banana+split%21">Click to go to page banana split!</a>
[EDIT BY danbrown AT php DOT net: Contains a bugfix provided by (theogony AT gmail DOT com), which adds missing `echo` instructions to the HREF tags.]
Selecting $_GET or $_POST depending on the request method isn't a general solution, since it's possible for an HTTP request to have both posted content and a query string in the URI.
If you want to allow for this possibility, you can use
$req = array_merge($_GET, $_POST);
or vice versa, depending on which you want to be used in the event of a clash between them.
Note that the default distribution php.ini files does not contain the 'C' for cookies, due to security concerns.