$_REQUEST

$_REQUEST — HTTP Request 变量

说明

默认情况下包含了 $_GET，$_POST 和 $_COOKIE 的数组。

更新日志

版本	说明
5.3.0	引入 request_order。该指令会影响 `$_REQUEST` 的内容。
4.3.0	`$_FILES` 信息被从 `$_REQUEST` 中移除。
4.1.0	引入 `$_REQUEST`。

注释

Note:
“Superglobal”也称为自动化的全局变量。这就表示其在脚本的所有作用域中都是可用的。不需要在函数或方法中用global $variable; 来访问它。

Note:
以命令行方式运行时，将不包含 argv 和 argc 信息；它们将存在于 $_SERVER 数组。

Note:
由于 $_REQUEST 中的变量通过 GET，POST 和 COOKIE 输入机制传递给脚本文件，因此可以被远程用户篡改而并不可信。这个数组的项目及其顺序依赖于 PHP 的 variables_order 指令的配置。

参见

import_request_variables() - 将 GET／POST／Cookie 变量导入到全局作用域中
处理外部变量
过滤器扩展

add a note

User Contributed Notes 4 notes

down

strata_ranger at hotmail dot com ¶

7 years ago

Don't forget, because $_REQUEST is a different variable than $_GET and $_POST, it is treated as such in PHP -- modifying $_GET or $_POST elements at runtime will not affect the ellements in $_REQUEST, nor vice versa.

e.g:

<?php

$_GET['foo'] = 'a';
$_POST['bar'] = 'b';
var_dump($_GET); // Element 'foo' is string(1) "a"
var_dump($_POST); // Element 'bar' is string(1) "b"
var_dump($_REQUEST); // Does not contain elements 'foo' or 'bar'

?>

If you want to evaluate $_GET and $_POST variables by a single token without including $_COOKIE in the mix, use  $_SERVER['REQUEST_METHOD'] to identify the method used and set up a switch block accordingly, e.g:

<?php

switch($_SERVER['REQUEST_METHOD'])
{
case 'GET': $the_request = &$_GET; break;
case 'POST': $the_request = &$_POST; break;
.
. // Etc.
.
default:
}
?>

down

John Galt ¶

6 years ago

I wrote a function because I found it inconvenient if I needed to change a particular parameter (get) while preserving the others. For example, I want to make a hyperlink on a web page with the URL http://www.example.com/script.php?id=1&blah=blah+blah&page=1 and change the value of "page" to 2 without getting rid of the other parameters.

<?php
 function add_or_change_parameter($parameter, $value)
 {
  $params = array();
  $output = "?";
  $firstRun = true;
  foreach($_GET as $key=>$val)
  {
   if($key != $parameter)
   {
    if(!$firstRun)
    {
     $output .= "&";
    }
    else
    {
     $firstRun = false;
    }
    $output .= $key."=".urlencode($val);
   }
  }
  if(!$firstRun)
   $output .= "&";
  $output .= $parameter."=".urlencode($value);
  return htmlentities($output);
 }
?>

Now, I can add a hyperlink to the page (http://www.example.com/script.php?id=1&blah=blah+blah&page=1) like this:
<a href="<?php echo add_or_change_parameter("page", "2"); ?>">Click to go to page 2</a>

The above code will output
<a href="?id=1&amp;blah=blah+blah&amp;page=2">Click to go to page 2</a>

Also, if I was setting "page" to a string rather than just "2", the value would be urlencode()'d.
<a href="<?php echo add_or_change_parameter("page", "banana+split!"); ?>">Click to go to page banana split!</a>
would become
<a href="?id=1&amp;blah=blah+blah&amp;page=banana+split%21">Click to go to page banana split!</a>

[EDIT BY danbrown AT php DOT net: Contains a bugfix provided by (theogony AT gmail DOT com), which adds missing `echo` instructions to the HREF tags.]

down

mike o. ¶

6 years ago

The default php.ini on your system as of in PHP 5.3.0 may exclude cookies from $_REQUEST.  The request_order ini directive specifies what goes in the $_REQUEST array; if that does not exist, then the variables_order directive does.  Your distribution's php.ini may exclude cookies by default, so beware.

down

-10

Anonymous ¶

4 months ago

Note you should use $_GET, $_POST and $_COOKIE seperately if you use same name or your not sure.
Because there are "overwrite" problems with $_REQUEST :

Example:
$_GET['foo'] is a 'hello' string   //from user input
$_POST['foo'] is a 'world' string   //from user input

Then the $_REQUEST['foo'] would be a 'world' string. The value 'hello' is overwritten.

So don't use $_REQUEST to monitor user inputs.

add a note