✔ Recommended Answer

$_REQUEST is a superglobal array that is (from the PHP documentation):

An associative array that by default contains the contents of $_GET,$_POST and $_COOKIE.

Like $_GET, $_POST, $_COOKIE, and $_SESSION, it can store a list of information associatively. In the case of $_REQUEST, $_POST, and $_GET these arrays will store encoded data sent to the PHP header.

Example of what might be contained (not recommended to set it like this though):

$_REQUEST['key1'] = 'value1';$_REQUEST['streetAddress'] = '123 Baker St';

Or here is an example of a link that would populate it from a GET parameter:<a href='?key=value'>value</a> // for $_GET and $_REQUEST

PHP will grab that key->value from the URL and save it to the superglobal array that you are using. To access it call:echo $_REQUEST['key']; // displays 'value'

In your case msg is, so far, not send by the browser. It needs to be passed by a different means (forms, href's etc.). So,

 $_REQUEST['msg'] = 'new'; // not recommended to actually set it directly, purely illustrative of it already being set to something if (isset($_REQUEST['msg'])) { // use isset() to avoid an error    if ($_REQUEST['msg'] == 'new') {        $message = 'New User has been added successfully';      } elseif ($_REQUEST['msg'] == 'edit') {        $message = 'User has been saved successfully';    } elseif ($_REQUEST['msg'] == 'update') {        $message = 'User(s) has been Updated successfully';    }} // sets $message = "New user..."

Using $_REQUEST is not recommended. It goes against best practices because it makes it hard to control what information is processed. GET parameters, POST parameters, and cookies all serve different purposes. It is better to decide which of those the data you want to process should come from and use either $_GET, $_POST, or $_COOKIE accordingly. $_GET requests show the key->value pairs in the URL. Information that you don't want as visible probably shouldn't be shown there. GET is appropriate for indicating what the user is accessing, when doing so does not amount to actions/changes being requested. POST is better for parameters involved when the user is requesting some action be taken, such as updating data or sending an email. Using GET instead of POST when appropriate makes it less likely a user will accidently re-request a change/action just by hitting back or bookmarking a page (such as purchasing something a second time by accident), although it doesn't completely eliminate that possibility as it depends on whether their browser re-sends the POST data in those cases.

If you use $_REQUEST for everything, a user can send key->value pairs over the URL to see what information needs to be passed and exploit that in other ways (google cross-site request forgeries). Using the more specific $_GET, $_POST, and $_COOKIE variables instead makes it a little harder for them to attempt this. However, using these does not actually protect you, as your are still processing either GET parameters, POST parameters, or cookies sent by the user. Even so, it is better to restrict which of those the code will process in different scenarios. Ultimately you will still need to use proper techniques to protect against processing user provided values in a dangerous way, but that is a separate topic.

TL;DR : $_REQUEST['msg'] -- 'msg' is a key in a key->value pair ('new'| 'edit' | 'update' being the value). $_REQUEST is a superglobal array that contains GET, POST, and cookie keys and values sent by the user's browser or other client. It can be accessed from any part of the PHP code.

Method #2

In PHP, $_REQUEST is a superglobal variable that contains the contents of both $_GET, $_POST, and $_COOKIE superglobal arrays. This means that $_REQUEST can contain data that is submitted to the server using either the GET or POST method of an HTML form, as well as any data that is stored in cookies.

Here's an example to illustrate the use of $_REQUEST:

Let's say you have an HTML form that looks like this:

<form method="post" action="submit.php"> <label for="name">Name:</label> <input type="text" id="name" name="name"><br> <label for="email">Email:</label> <input type="email" id="email" name="email"><br> <button type="submit">Submit</button> </form>

When the user submits this form, the data they entered in the name and email fields will be sent to the submit.php file using the POST method.

In the submit.php file, you can access the data that was submitted using $_REQUEST like this:

$name = $_REQUEST['name']; $email = $_REQUEST['email'];

In this example, $name and $email will contain the values that the user entered in the form.

It's worth noting that $_REQUEST should be used with caution, as it can make your code vulnerable to security risks such as cross-site scripting (XSS) attacks. It's generally a good practice to use either $_GET or $_POST depending on the nature of the data you're working with, and to sanitize and validate any user input to prevent security issues.


Most Popular

PhpStorm, return value is expected to be 'A', 'object' returned

Remove Unicode Zero Width Space PHP

Laravel file upload returns forbidden 403, file permission is 700 not 755