PHP 7.0.6 Released

$_REQUEST

(PHP 4 >= 4.1.0, PHP 5, PHP 7)

$_REQUESTHTTP Request variables

Description

An associative array that by default contains the contents of $_GET, $_POST and $_COOKIE.

Changelog

Version Description
5.3.0 Introduced request_order. This directive affects the contents of $_REQUEST.
4.3.0 $_FILES information was removed from $_REQUEST.
4.1.0 Introduced $_REQUEST.

Notes

Note:

This is a 'superglobal', or automatic global, variable. This simply means that it is available in all scopes throughout a script. There is no need to do global $variable; to access it within functions or methods.

Note:

When running on the command line , this will not include the argv and argc entries; these are present in the $_SERVER array.

Note:

The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be modified by the remote user and cannot be trusted. The presence and order of variables listed in this array is defined according to the PHP variables_order configuration directive.

See Also

User Contributed Notes

strata_ranger at hotmail dot com
7 years ago
Don't forget, because $_REQUEST is a different variable than $_GET and $_POST, it is treated as such in PHP -- modifying $_GET or $_POST elements at runtime will not affect the ellements in $_REQUEST, nor vice versa.

e.g:

<?php

$_GET
['foo'] = 'a';
$_POST['bar'] = 'b';
var_dump($_GET); // Element 'foo' is string(1) "a"
var_dump($_POST); // Element 'bar' is string(1) "b"
var_dump($_REQUEST); // Does not contain elements 'foo' or 'bar'

?>

If you want to evaluate $_GET and $_POST variables by a single token without including $_COOKIE in the mix, use  $_SERVER['REQUEST_METHOD'] to identify the method used and set up a switch block accordingly, e.g:

<?php

switch($_SERVER['REQUEST_METHOD'])
{
case
'GET': $the_request = &$_GET; break;
case
'POST': $the_request = &$_POST; break;
.
.
// Etc.
.
default:
}
?>
John Galt
6 years ago
I wrote a function because I found it inconvenient if I needed to change a particular parameter (get) while preserving the others. For example, I want to make a hyperlink on a web page with the URL http://www.example.com/script.php?id=1&blah=blah+blah&page=1 and change the value of "page" to 2 without getting rid of the other parameters.

<?php
function add_or_change_parameter($parameter, $value)
{
 
$params = array();
 
$output = "?";
 
$firstRun = true;
  foreach(
$_GET as $key=>$val)
  {
   if(
$key != $parameter)
   {
    if(!
$firstRun)
    {
    
$output .= "&";
    }
    else
    {
    
$firstRun = false;
    }
   
$output .= $key."=".urlencode($val);
   }
  }
  if(!
$firstRun)
  
$output .= "&";
 
$output .= $parameter."=".urlencode($value);
  return
htmlentities($output);
}
?>

Now, I can add a hyperlink to the page (http://www.example.com/script.php?id=1&blah=blah+blah&page=1) like this:
<a href="<?php echo add_or_change_parameter("page", "2"); ?>">Click to go to page 2</a>

The above code will output
<a href="?id=1&amp;blah=blah+blah&amp;page=2">Click to go to page 2</a>

Also, if I was setting "page" to a string rather than just "2", the value would be urlencode()'d.
<a href="<?php echo add_or_change_parameter("page", "banana+split!"); ?>">Click to go to page banana split!</a>
would become
<a href="?id=1&amp;blah=blah+blah&amp;page=banana+split%21">Click to go to page banana split!</a>

[EDIT BY danbrown AT php DOT net: Contains a bugfix provided by (theogony AT gmail DOT com), which adds missing `echo` instructions to the HREF tags.]
mike o.
6 years ago
The default php.ini on your system as of in PHP 5.3.0 may exclude cookies from $_REQUEST.  The request_order ini directive specifies what goes in the $_REQUEST array; if that does not exist, then the variables_order directive does.  Your distribution's php.ini may exclude cookies by default, so beware.
Anonymous
3 months ago
Note you should use $_GET, $_POST and $_COOKIE seperately if you use same name or your not sure.
Because there are "overwrite" problems with $_REQUEST :

Example:
$_GET['foo'] is a 'hello' string   //from user input
$_POST['foo'] is a 'world' string   //from user input

Then the $_REQUEST['foo'] would be a 'world' string. The value 'hello' is overwritten.

So don't use $_REQUEST to monitor user inputs.
To Top