PHP – $_REQUEST Superglobal

Welcome to The Coding College! In this guide, we’ll explore the $_REQUEST superglobal in PHP, its uses, benefits, and examples. The $_REQUEST superglobal is an essential tool for handling data sent through forms, URLs, and cookies in PHP applications.

What is $_REQUEST?

$_REQUEST is a superglobal array in PHP that collects data from three other superglobals:

  1. $_GET: Retrieves data sent through the URL query string.
  2. $_POST: Retrieves data sent via an HTTP POST request (usually form data).
  3. $_COOKIE: Retrieves cookie data.

Key Features:

  • Accessible from anywhere in the script without requiring a global declaration.
  • Aggregates data from multiple sources into one array.
  • Can be useful for quick prototyping or handling mixed input methods.

Syntax

$_REQUEST['key_name']

Here, 'key_name' refers to the name of the input field or query parameter you want to access.

Example: Using $_REQUEST

HTML Form Example

<form method="post" action="process.php">
    Name: <input type="text" name="name">
    Age: <input type="number" name="age">
    <input type="submit" value="Submit">
</form>

PHP Script Example (process.php)

<?php
$name = $_REQUEST['name'];
$age = $_REQUEST['age'];

echo "Hello, $name. You are $age years old.";
?>

$_REQUEST in GET and POST Requests

Example with a GET Request

<a href="process.php?name=John&age=25">Click Here</a>
<?php
echo "Name: " . $_REQUEST['name'] . "<br>";
echo "Age: " . $_REQUEST['age'];
?>

Output:

Name: John  
Age: 25

Example with a POST Request

<form method="post" action="process.php">
    Email: <input type="email" name="email">
    <input type="submit" value="Submit">
</form>
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo "Your email is: " . $_REQUEST['email'];
}
?>

Mixing Sources: GET, POST, and COOKIE

$_REQUEST combines data from multiple sources. For example:

Cookie Example

<?php
// Set a cookie
setcookie("username", "TheCodingCollege", time() + 3600, "/");

// Retrieve data
if (isset($_REQUEST['username'])) {
    echo "Hello, " . $_REQUEST['username'];
}
?>

GET or POST Example with the Same Key

<a href="process.php?username=John">Visit Here</a>
<form method="post" action="process.php">
    <input type="hidden" name="username" value="Jane">
    <input type="submit" value="Submit">
</form>
<?php
echo "Username: " . $_REQUEST['username'];
?>
  • If you visit via GET: John will be displayed.
  • If you submit via POST: Jane will be displayed.

Use Cases for $_REQUEST

  1. Simplified Input Handling: Quickly collect data without worrying about whether it was sent via GET, POST, or COOKIE.
  2. Quick Prototyping: Useful during development when you’re testing different data submission methods.
  3. Dynamic Input Sources: Handle input from multiple sources without explicitly specifying which one.

Best Practices and Considerations

1. Avoid Overuse of $_REQUEST

  • Using $_REQUEST can make your code less predictable because you won’t always know whether the data came from GET, POST, or COOKIE.
  • It’s better to explicitly use $_POST or $_GET for clarity and security.

2. Sanitize and Validate Inputs

  • Always sanitize data retrieved from $_REQUEST to prevent vulnerabilities like SQL injection or cross-site scripting (XSS).
$name = htmlspecialchars($_REQUEST['name'], ENT_QUOTES, 'UTF-8');

3. Check HTTP Request Methods

  • Use $_SERVER['REQUEST_METHOD'] to determine the type of request and avoid conflicts.
  • Example: 
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo $_REQUEST['data'];
}

4. Avoid Mixing Sources

  • If the same key exists in both $_GET and $_POST, the order of precedence is determined by the PHP configuration (variables_order in php.ini). This can lead to unexpected behavior.

Comparison: $_REQUEST vs $_GET and $_POST

Feature$_REQUEST$_GET$_POST
Data SourceCombines GET, POST, COOKIEData sent via URL query stringData sent via POST requests
Use CaseQuick handling of multiple sourcesRetrieving data from URLsHandling form submissions
SecurityMore prone to conflicts and confusionClear source of dataSecure for sensitive data
Best PracticeUse sparingly in productionUse for retrieving query dataPreferred for forms

Conclusion

The $_REQUEST superglobal is a versatile tool for handling input from multiple sources in PHP. While it’s useful for quick prototyping and simplified data handling, it should be used cautiously to ensure clarity and security in your code. For most production scenarios, it’s better to rely on $_GET or $_POST explicitly.

For more PHP tutorials and web development tips, visit The Coding College. Stay curious, and keep coding! 🚀

Leave a Comment