PHP $_REQUEST Explained – Complete Beginner’s Guide with Examples
Introduction: Why Do We Need $_REQUEST in PHP?
When users interact with a website, data can be sent to the server using:
GET (URL parameters)
POST (form submission)
COOKIE (stored browser data)
PHP provides a shortcut to access all these data sources using one variable.
That variable is $_REQUEST.
What Is $_REQUEST in PHP?
Simple Definition
$_REQUEST is a PHP superglobal array that contains data sent by:
$_GET$_POST$_COOKIE
in a single place.
In Simple Words
Instead of checking GET or POST separately, $_REQUEST allows you to access request data using one array.
What Does “Superglobal” Mean?
A superglobal variable in PHP:
Is available anywhere in the script
Does not need
globalkeywordWorks automatically
Examples of superglobals:
$_GET$_POST$_REQUEST$_SESSION$_COOKIE
Real-Life Analogy
Imagine receiving messages through:
Email
WhatsApp
SMS
Instead of checking each app, you get one inbox that shows all messages together.
That inbox is $_REQUEST.
PHP $_REQUEST Syntax
$_REQUEST['key']
Example:
$_REQUEST['username']
How $_REQUEST Collects Data
By default, $_REQUEST includes data from:
GET
POST
COOKIE
(The order depends on PHP configuration, usually GET → POST → COOKIE)
Example 1: Using $_REQUEST with GET
HTML Form
<form method="get" action="process.php">
Name: <input type="text" name="username">
<input type="submit">
</form>
PHP Code
<?php
echo $_REQUEST['username'];
?>
Example URL
process.php?username=John
- Data accessed successfully
- Works the same as
$_GET['username']
Example 2: Using $_REQUEST with POST
HTML Form
<form method="post" action="process.php">
Email: <input type="email" name="email">
<input type="submit">
</form>
PHP Code
<?php
echo $_REQUEST['email'];
?>
- Works like
$_POST['email'] - No need to check request type
Example 3: Checking If Data Exists
Wrong Way
echo $_REQUEST['name'];
Correct Way
if (isset($_REQUEST['name'])) {
echo $_REQUEST['name'];
}
- Prevents warnings
- Safer code
Difference Between $_GET, $_POST, and $_REQUEST
| Feature | $_GET | $_POST | $_REQUEST |
|---|---|---|---|
| Source | URL | Form body | GET + POST + COOKIE |
| Security | Low | Better | Depends |
| Control | High | High | Low |
| Recommended for forms | No | Yes | Limited |
When Should You Use $_REQUEST?
Use $_REQUEST When:
You don’t care whether data comes from GET or POST
Writing small scripts or demos
Quick prototyping
Learning PHP basics
When NOT to Use $_REQUEST
Avoid $_REQUEST when:
Security is important
You need strict control over input source
Working on login, payment, or sensitive forms
Use $_POST instead.
Security Considerations
Because $_REQUEST can include COOKIE data, it can be risky.
Unsafe Code
echo $_REQUEST['username'];
Safe Code
$username = htmlspecialchars($_REQUEST['username']);
echo $username;
- Prevents XSS attacks
- Improves security
Common Beginner Mistakes
Assuming $_REQUEST Is Always Safe
It is not secure by default.
Using $_REQUEST for Passwords
Always use $_POST for sensitive data.
Forgetting Input Validation
Never trust user input blindly.
Best Practices
- Use
$_POSTfor sensitive forms - Use
$_GETfor search and filters - Use
$_REQUESTonly when necessary - Always validate and sanitize input
- Prefer clarity over shortcuts
Frequently Asked Questions (FAQ)
Q1. Is $_REQUEST the same as $_GET?
No. $_REQUEST includes data from GET, POST, and COOKIE.
Q2. Which is safer: $_POST or $_REQUEST?
$_POST is safer because it only accepts form data.
Q3. Can $_REQUEST receive cookie values?
Yes, depending on PHP configuration.
Q4. Should beginners use $_REQUEST?
Yes, for learning—but not for secure applications.
Q5. Can I disable COOKIE data in $_REQUEST?
Yes, through PHP configuration (request_order).