$_REQUEST in PHP

✔ Recommended Answer

$_REQUEST is a superglobal array that is (from the PHP documentation):

An associative array that by default contains the contents of $_GET,$_POST and $_COOKIE.

Like $_GET, $_POST, $_COOKIE, and $_SESSION, it can store a list of information associatively. In the case of $_REQUEST, $_POST, and $_GET these arrays will store encoded data sent to the PHP header.

Example of what might be contained (not recommended to set it like this though):

$_REQUEST['key1'] = 'value1';$_REQUEST['streetAddress'] = '123 Baker St';

Or here is an example of a link that would populate it from a GET parameter:<a href='?key=value'>value</a> // for $_GET and $_REQUEST

PHP will grab that key->value from the URL and save it to the superglobal array that you are using. To access it call:echo $_REQUEST['key']; // displays 'value'

In your case msg is, so far, not send by the browser. It needs to be passed by a different means (forms, href's etc.). So,

 $_REQUEST['msg'] = 'new'; // not recommended to actually set it directly, purely illustrative of it already being set to something if (isset($_REQUEST['msg'])) { // use isset() to avoid an error    if ($_REQUEST['msg'] == 'new') {        $message = 'New User has been added successfully';      } elseif ($_REQUEST['msg'] == 'edit') {        $message = 'User has been saved successfully';    } elseif ($_REQUEST['msg'] == 'update') {        $message = 'User(s) has been Updated successfully';    }} // sets $message = "New user..."

Using $_REQUEST is not recommended. It goes against best practices because it makes it hard to control what information is processed. GET parameters, POST parameters, and cookies all serve different purposes. It is better to decide which of those the data you want to process should come from and use either $_GET, $_POST, or $_COOKIE accordingly. $_GET requests show the key->value pairs in the URL. Information that you don't want as visible probably shouldn't be shown there. GET is appropriate for indicating what the user is accessing, when doing so does not amount to actions/changes being requested. POST is better for parameters involved when the user is requesting some action be taken, such as updating data or sending an email. Using GET instead of POST when appropriate makes it less likely a user will accidently re-request a change/action just by hitting back or bookmarking a page (such as purchasing something a second time by accident), although it doesn't completely eliminate that possibility as it depends on whether their browser re-sends the POST data in those cases.

If you use $_REQUEST for everything, a user can send key->value pairs over the URL to see what information needs to be passed and exploit that in other ways (google cross-site request forgeries). Using the more specific $_GET, $_POST, and $_COOKIE variables instead makes it a little harder for them to attempt this. However, using these does not actually protect you, as your are still processing either GET parameters, POST parameters, or cookies sent by the user. Even so, it is better to restrict which of those the code will process in different scenarios. Ultimately you will still need to use proper techniques to protect against processing user provided values in a dangerous way, but that is a separate topic.

TL;DR : $_REQUEST['msg'] -- 'msg' is a key in a key->value pair ('new'| 'edit' | 'update' being the value). $_REQUEST is a superglobal array that contains GET, POST, and cookie keys and values sent by the user's browser or other client. It can be accessed from any part of the PHP code.

Method #2

In PHP, $_REQUEST is a superglobal variable that contains the contents of both $_GET, $_POST, and $_COOKIE superglobal arrays. This means that $_REQUEST can contain data that is submitted to the server using either the GET or POST method of an HTML form, as well as any data that is stored in cookies.

Here's an example to illustrate the use of $_REQUEST:

Let's say you have an HTML form that looks like this:

html
<form method="post" action="submit.php">
  <label for="name">Name:</label>
  <input type="text" id="name" name="name"><br>
  <label for="email">Email:</label>
  <input type="email" id="email" name="email"><br>
  <button type="submit">Submit</button>
</form>

When the user submits this form, the data they entered in the name and email fields will be sent to the submit.php file using the POST method.

In the submit.php file, you can access the data that was submitted using $_REQUEST like this:

php
$name = $_REQUEST['name'];
$email = $_REQUEST['email'];

In this example, $name and $email will contain the values that the user entered in the form.

It's worth noting that $_REQUEST should be used with caution, as it can make your code vulnerable to security risks such as cross-site scripting (XSS) attacks. It's generally a good practice to use either $_GET or $_POST depending on the nature of the data you're working with, and to sanitize and validate any user input to prevent security issues.

Comments

Post a Comment

Most Popular

PhpStorm, return value is expected to be 'A', 'object' returned

Image
✔ Recommended Answer Has to be because object can be ANY class instance, even B etc. You can annotate the create() method with generics PHPDoc to tell that the return type will be the same as the input parameter class string. It gives more context info to the IDE. /** * @template T * * @param string $class * @return T */ private function create(string $class) : object { return new $class(); } P.S. Instead of create('B'); better use create(B::class) . This way the IDE can track the usages of that class for refactoring/search purposes etc. Source: stackoverflow.com Answered By: LazyOne Method #2 This error message suggests that your code is expecting a value of type 'A' to be returned, but instead, the code is returning an object. This error can occur in PhpStorm, or any other PHP development environment. To resolve this error, you should check the function or method that is returning the object and ensure that it is returning
Read more

Remove Unicode Zero Width Space PHP

✔ Recommended Answer This: $newBody = str_replace("&#8203;", "", $newBody); presumes the text is HTML entity encoded. This: $newBody = str_replace("\xE2\x80\x8C", "", $newBody); should work if the offending characters are not encoded, but matches the wrong character (0xe2808c). To match the same character as #8203; you need 0xe2808b: $newBody = str_replace("\xE2\x80\x8B", "", $newBody); Source: stackoverflow.com Answered By: Jef Method #2 To remove Unicode zero width space (ZWSP) from a string in PHP, you can use the str_replace() function to replace the ZWSP character with an empty string. Here's an example: php $str = "Hello&ZeroWidthSpace; World" ; // Contains ZWSP after "Hello" // Replace ZWSP with an empty string $str = str_replace ( "\u{200B}" , "" , $str ); echo $str ; // Outputs "Hello World" without ZWSP In this example, the str_replace() functi
Read more

Laravel file upload returns forbidden 403, file permission is 700 not 755

✔ Recommended Answer The issue you are facing could be due to incorrect file permissions for the storage folder. Here are some steps to fix the problem: SSH into your cPanel server. Change the permission of the storage folder to 755: chmod -R 755 storage/ This command will change the permission of the storage folder and all its contents to 755, which should give the web server permission to read and write to the folder. Check the ownership of the storage folder. Ensure that the owner of the folder is the same as the user running the web server (typically www-data on Apache): ls -l This command will list the files and folders in the current directory along with their ownership and permission details. Make sure that the owner of the storage folder is the same as the user running the web server. If the ownership is incorrect, you can change it using the following command: chown -R www-data:www-data storage/ This command will change the ownership of the storage folder and all its conten
Read more