Why Should Web Developers Avoid Using `$_REQUEST[]` in PHP?

The Hazards of $_REQUEST[]: Why You Should Avoid It

In the world of web development, it's widely known that the use of $_REQUEST[] is often discouraged. But why is this the case?

The primary concern with $_REQUEST[] lies not in its ability to combine GET and POST parameters, but rather in its default inclusion of $_COOKIE. Cookies are fundamentally different from form submission parameters. They are not intentionally set or updated by users, making their presence in the same array as form data undesirable.

When faced with a cookie that shares a name with a form parameter, form submissions may fail inexplicably due to the cookie value overriding the expected form parameter. This issue becomes even more problematic when multiple applications coexist within the same site, making it difficult to identify and resolve the conflict.

To avoid these potential pitfalls, PHP 5.3 introduced the request_order configuration setting, which allows developers to specify the order of precedence for the data sources (e.g., GP for $_GET and $_POST only). In the absence of this configuration, creating a combined GET POST array manually is a more reliable approach.

The above is the detailed content of Why Should Web Developers Avoid Using `$_REQUEST[]` in PHP?. For more information, please follow other related articles on the PHP Chinese website!