All geek questions in one place

What happens if you assign the value $ _REQUEST?

I recently met this line in a PHP script:

$_REQUEST['start_date']=$date;

Is it allowed or useful to somehow assign something to the super-global variable $ _REQUEST? If there is $ _COOKIE ['start_date'], will this change the value of the cookie?

+6
source share
3 answers

Yes, it is allowed and may be useful for a number of reasons.

  • Debugging If for any reason you want to "force" a specific request parameter, you can set the value in $_REQUEST , $_GET or $_POST arrays. This will override any value sent by the requesting page, which may be desirable.
  • Since you are going to do something with the whole array - if you want, for example, json_encode all the key-value pairs $_REQUEST , as well as some additional values, it might be faster to just “add” the values ​​to $_REQUEST this way and then pass $_REQUEST to json_encode() .

Regarding your question about $_COOKIE , you cannot change the cookie value in this way, only get access to it.

Author's note: The following example was added as a recommended and approved edit to my original answer. Although this may work, there are better ways to protect your site from injection attacks (for example, prepared statements ). IMHO, a reasonable programmer should seriously consider these approaches before relying on the code below.

Consider preventing SQL injection attacks on your site. This simple code will stop them for all $_REQUEST variables (mysqli example):

 function injectionwall($dbinterface) { foreach($_REQUEST as $key => $data) { $_REQUEST[$key]=$dbinterface->real_escape_string($data); } }

All $_REQUEST variables $_REQUEST now safe to use :)

+6
source

I think the more appropriate answer is “Yes, it’s allowed, but consider it a bad practice, so avoid better programming.”

Why is this allowed (and probably the point of your question):

  • SuperGlobals are installed at the beginning of program execution, and then do not change otherwise (unless you do this). Thus, your changes are permanent and easily visible in any other function. So go ahead, edit as you want.

But - why is it best to avoid:

  • As a rule, it’s good to know what your variables are and where they come from. Let's say you have a function that “makes safe” all your inputs by manipulating $ _REQUEST. When you start using $ _REQUEST, you can never be sure that your "safe" function has been executed. When conducting unit testing, this becomes especially problematic. If you reassign $ _REQUEST to another variable, you can more easily track the scope of this variable. Even if you make this variable “global,” then you know that it is safe, it exists. (Downside, you can waste memory / programming on some extremely heavy applications, but you are far from that if you ask this question.)

  • If you change $ _REQUEST, you are NOT editing $ _POST, $ _GET or $ _COOKIE; this can be confusing if you want to change your code to $ _POST as some time in the future (for example, data that you think you “made safe” will not).

Finally, two quick notes about using $ _REQUEST in general:

  • $ _ REQUEST is a combination of $ _COOKIE, $ _POST and $ _GET (and $ _FILES in older versions). But you do not know which one will be prioritized if you do not read the php.ini file - http://www.php.net/manual/en/ini.core.php#ini.variables-order . Therefore, do not rely on $ _POST, taking precedence over $ _GET!

  • Another reason to use $ _POST, $ _GET or $ _COOKIE if you can: - This makes it easier for the future developer to debug your code, because they know how you plan, where the variable is coming from. But sometimes this is suitable for $ _REQUEST, if you really do not care if it is related to a cookie, receive or publish.

Disclaimer: yes, I use $ _REQUEST, and yes, I changed it to get around some situations. Just tell me if you want to become a better programmer.

+3
source

Is it allowed or useful to somehow assign something to the super global variable $ _REQUEST?

Yes, it is allowed, but not useful.

If there is $ _COOKIE ['start_date'], will this change the value of the cookie?

No, use setcookie http://php.net/manual/en/function.setcookie.php

All of these super global variables are simply simple global arrays.

0
source

Source: https://habr.com/ru/post/918446/

More articles:


All Articles