PHP $_REQUEST – The Complete Guide

What is `$_REQUEST` in PHP?

PHP provides several superglobal variables to handle user input:

$_GET – Retrieves data sent via URL parameters
$_POST – Retrieves form data submitted via HTTP POST
$_COOKIE – Retrieves data stored in cookies

The $_REQUEST variable combines all three ($_GET, $_POST, and $_COOKIE) into a single array, allowing developers to access user input without specifying the method.

Syntax:

$_REQUEST['key']

This retrieves the value of key from either $_GET, $_POST, or $_COOKIE.

How $_REQUEST Works in PHP (Examples)

Example 1: Using `$_REQUEST` to Collect Form Data

Create an HTML Form (`request-form.html`)

<form action="request-handler.php" method="POST">
    <label for="name">Enter Name:</label>
    <input type="text" name="name" id="name">
    <button type="submit">Submit</button>
</form>

Process Data with PHP (`request-handler.php`)

<?php
if (isset($_REQUEST['name'])) {
    echo "Hello, " . htmlspecialchars($_REQUEST['name']);
} else {
    echo "No input provided.";
}
?>

Output:
Hello, John (If the user enters “John”)

Works with both GET and POST requests, making it flexible.

Example 2: Using `$_REQUEST` for GET and POST

Sending Data via URL (`example.com/form.php?name=Alex`)

<?php
if (isset($_REQUEST['name'])) {
    echo "Name: " . htmlspecialchars($_REQUEST['name']);
} else {
    echo "Name not provided.";
}
?>

If accessed as form.php?name=Alex, the output will be:
Name: Alex

If a form submits the name using POST, the same script still works!

Example 3: Using `$_REQUEST` with Cookies

Set a Cookie (`set-cookie.php`)

<?php
setcookie("user", "Alice", time() + 3600, "/"); // Expires in 1 hour
?>

Retrieve Cookie Using $_REQUEST (get-cookie.php)

<?php
if (isset($_REQUEST['user'])) {
    echo "User: " . $_REQUEST['user'];
} else {
    echo "No user found.";
}
?>

Output:
User: Alice

Since cookies are automatically included in $_REQUEST, there’s no need to use $_COOKIE separately.

Differences: $_REQUEST vs $_GET vs $_POST vs $_COOKIE

Feature	`$_GET`	`$_POST`	`$_COOKIE`	`$_REQUEST`
Data Source	URL query string	HTTP request body	Stored in browser	All (`$_GET`, `$_POST`, `$_COOKIE`)
Security	Less secure	More secure	Stores persistent data	Risky (can mix data)
Data Limit	2,048 characters	No limit	Small data (4KB max)	Dependent on source
Use Case	Fetching data (e.g., search queries)	Sending sensitive data (forms, login)	Remembering user preferences	Flexible, but avoid for critical input

When to Use $_REQUEST (Best Practices & Risks)

When to Use `$_REQUEST`

When you don’t know whether data will come via GET or POST
When handling simple forms without security concerns
When working with older PHP codebases

When NOT to Use `$_REQUEST`

When handling sensitive data (passwords, transactions) – $_POST is safer
When you need strict control over request types (avoid mixing GET & POST)
When dealing with large-scale applications (better to use $_GET, $_POST separately)

Better Alternative:
Use explicit methods like $_GET or $_POST for better security and clarity.

4. Secure Handling of $_REQUEST (Security Tips)

Using $_REQUEST without validation can lead to security vulnerabilities like XSS (Cross-Site Scripting) and SQL Injection.

A. Always Validate Input

<?php
if (isset($_REQUEST['email']) && filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)) {
    echo "Valid email: " . htmlspecialchars($_REQUEST['email']);
} else {
    echo "Invalid email.";
}
?>

B. Avoid `$_REQUEST` for Sensitive Data

BAD (Potentially unsafe):

$password = $_REQUEST['password'];  // May expose password from GET requests

GOOD (Safer approach):

$password = $_POST['password']; // Use $_POST for sensitive data

Use $_SERVER["REQUEST_METHOD"] to Check Request Type

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    echo "Processing a POST request";
} else {
    echo "Processing a GET request";
}
?>

Ensures the correct method is used before accessing $_REQUEST.

Real-World Use Cases for $_REQUEST in PHP

Scenario	Best Method
Login Forms	`$_POST` (Secure)
Search Queries	`$_GET` (Bookmarkable)
Contact Forms	`$_POST`
Persistent User Preferences	`$_COOKIE`
Flexible Handling of Inputs (Non-Critical)	`$_REQUEST`

Final Thoughts – Should You Use $_REQUEST?

$_REQUEST is flexible but not always the best choice.
For security and clarity, prefer $_GET, $_POST, or $_COOKIE separately.
If using $_REQUEST, always validate user input to prevent security risks.

PHP $_REQUEST – The Complete Guide

What is $_REQUEST in PHP?

Syntax:

How $_REQUEST Works in PHP (Examples)

Example 1: Using $_REQUEST to Collect Form Data

Create an HTML Form (request-form.html)

Process Data with PHP (request-handler.php)

Example 2: Using $_REQUEST for GET and POST

Sending Data via URL (example.com/form.php?name=Alex)

Example 3: Using $_REQUEST with Cookies

Set a Cookie (set-cookie.php)