$_REQUEST - Lazy?
I have read conflicting view points on whether the use of $_REQUEST in your code is good or bad.
But, what is $_REQUEST, and how do I (ab)use it? - $_REQUEST, is an array of data, similar to form submission data $_POST and $_GET, which merges, $_GET, $_POST and $_COOKIE arrays into one 'easy to reference' array.
Until around 3 years ago, I had never used $_REQUEST, and solely used $_POST and $_GET to fetch my URL parameters and form variables. This was mainly due to the fact I was working on smaller scale projects, and was fully aware of the state of all the pages I was coding. However, since beginning to work on larger projects, and utilise code written by other developers, I come across the $_REQUEST variable more and more. Now I am not saying I am perfect, and I must admit I have been pulled to the dark side a bit and do use $_REQUEST overly much, but every time I do, I always look back on my code, and think - I should've taken the time to do this properly.
Should I continually be rewriting other peoples code to use $_GET and $_POST, or continue as I am, succumbing to use of $_REQUEST.
As mentioned I have read many articles about the benefits and drawbacks of both, however the main point I always come to is convenience. Sure it's convenient to check if $_REQUEST['id'] is set when adding or updating product information, but surely, I should always know if that id is being sent via URL or form submission.
Bottom line, I do use $_REQUEST heavily, and I feel I shouldn't. But, to what avail if every time I pick up some code from another developer it is littered with $_REQUEST's. Am I just creating more work for myself? Are the security implications of $_REQUEST that severe, that I really mustn't use it anywhere?
William
But, what is $_REQUEST, and how do I (ab)use it? - $_REQUEST, is an array of data, similar to form submission data $_POST and $_GET, which merges, $_GET, $_POST and $_COOKIE arrays into one 'easy to reference' array.
Until around 3 years ago, I had never used $_REQUEST, and solely used $_POST and $_GET to fetch my URL parameters and form variables. This was mainly due to the fact I was working on smaller scale projects, and was fully aware of the state of all the pages I was coding. However, since beginning to work on larger projects, and utilise code written by other developers, I come across the $_REQUEST variable more and more. Now I am not saying I am perfect, and I must admit I have been pulled to the dark side a bit and do use $_REQUEST overly much, but every time I do, I always look back on my code, and think - I should've taken the time to do this properly.
Should I continually be rewriting other peoples code to use $_GET and $_POST, or continue as I am, succumbing to use of $_REQUEST.
As mentioned I have read many articles about the benefits and drawbacks of both, however the main point I always come to is convenience. Sure it's convenient to check if $_REQUEST['id'] is set when adding or updating product information, but surely, I should always know if that id is being sent via URL or form submission.
Bottom line, I do use $_REQUEST heavily, and I feel I shouldn't. But, to what avail if every time I pick up some code from another developer it is littered with $_REQUEST's. Am I just creating more work for myself? Are the security implications of $_REQUEST that severe, that I really mustn't use it anywhere?
William
Comments
Post a Comment