开发者

problem regarding $_REQUEST

开发者 https://www.devze.com 2023-01-06 11:15 出处:网络
I am beginner in PHP and i read in manual that $_REQUEST is a associative array consisting of cookies, get and post arrays. I want to know which takes precedence in request array.

I am beginner in PHP and i read in manual that $_REQUEST is a associative array consisting of cookies, get and post arrays. I want to know which takes precedence in request array.

Say, suppose i have a variable user in $_POST as well as $_COOKIE, and if i use echo $_REQUEST['user'] then which would print. I tried it and i get the value set in $_POST. If i want to prin开发者_如何学Got value of $_COOKIE what should i use? I know $_COOKIE is there but still using $_REQUEST if i want to print it, then how should i do it?

Thanks in advance :)


From the PHP manual on $_REQUEST (php.net):

Note: The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be modified by the remote user and cannot be trusted. The presence and order of variables listed in this array is defined according to the PHP variables_order configuration directive.

In fact PHP uses the request_order config value, but falls back on variables_order if empty.

A possible value for request or variables order might look like this: "GPC". This means that first all Get variables are associated, then the Post- and after that the Cookie variables are associated. The order is from left to right, already defined values are overwritten. Except from GET, POST and cookie values, PHP can also associate environment ("E") and server ("S") variables.

You'll find the corresponding manual entries for the PHP config here.


http://www.php.net/manual/en/ini.core.php#ini.request-order

This directive describes the order in which PHP registers GET, POST and Cookie variables into the $_REQUEST array. Registration is done from left to right, newer values override older values.

If this directive is not set, variables_order is used for $_REQUEST contents.

Note that the default distribution php.ini files does not contain the 'C' for cookies, due to security concerns.


It depends. There is a setting for it called request_order.


from $_REQUEST man page:

The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be modified by the remote user and cannot be trusted. The presence and order of variables listed in this array is defined according to the PHP variables_order configuration directive.


See:

variable order on official docs

Note that you should always avoid using $_REQUEST for security reasons, instead use actual arrays eg $_GET, $_POST and $_COOKIE


Just do a print_r($_REQUEST) and you will see, that as it's an associative array which can only have one value per key. So if you use the same key on POST, GET and COOKIE, there will only be one value in the array and so you can't get the other values out of the $_REQUEST array. In this case you MUST use the $_COOKIE super global.


You really shouldn't be using $_REQUEST you should instead being the individual GLOBALS

echo $_POST['user'];
echo $_COOKIE['user'];
echo $_GET['user'];

This will add an extra security layer to your app

0

精彩评论

暂无评论...
验证码 换一张
取 消