$_REQUEST

$_REQUESTHTTP Request 变量

说明

默认情况下包含了 $_GET$_POST$_COOKIE数组

更新日志

版本 说明
5.3.0 引入 request_order。该指令会影响 $_REQUEST 的内容。
4.3.0 $_FILES 信息被从 $_REQUEST 中移除。
4.1.0 引入 $_REQUEST

注释

Note:

"Superglobal"也称为自动化的全局变量。这就表示其在脚本的所有作用域中都是可用的。不需要在函数或方法中用 global $variable; 来访问它。

Note:

命令行方式运行时,将包含 argvargc 信息;它们将存在于 $_SERVER 数组

Note:

由于 $_REQUEST 中的变量通过 GET,POST 和 COOKIE 输入机制传递给脚本文件,因此可以被远程用户篡改而并不可信。这个数组的项目及其顺序依赖于 PHP 的 variables_order 指令的配置。

参见

User Contributed Notes

Luke Madhanga 23-May-2016 05:45
To access $_POST, $_GET, etc, use the function filter_input(TYPE, varname, filter) to ensure that your data is clean.

Also, I was brought up to believe that modifying superglobals is a BAD idea. I stand by this belief and would recommend you do too
Anonymous 03-Jan-2016 05:54
Note you should use $_GET, $_POST and $_COOKIE seperately if you use same name or your not sure.
Because there are "overwrite" problems with $_REQUEST :

Example:
$_GET['foo'] is a 'hello' string   //from user input
$_POST['foo'] is a 'world' string   //from user input

Then the $_REQUEST['foo'] would be a 'world' string. The value 'hello' is overwritten.

So don't use $_REQUEST to monitor user inputs.
mike o. 12-Mar-2010 01:31
The default php.ini on your system as of in PHP 5.3.0 may exclude cookies from $_REQUEST.  The request_order ini directive specifies what goes in the $_REQUEST array; if that does not exist, then the variables_order directive does.  Your distribution's php.ini may exclude cookies by default, so beware.
John Galt 07-Dec-2009 02:36
I wrote a function because I found it inconvenient if I needed to change a particular parameter (get) while preserving the others. For example, I want to make a hyperlink on a web page with the URL http://www.example.com/script.php?id=1&blah=blah+blah&page=1 and change the value of "page" to 2 without getting rid of the other parameters.

<?php
 
function add_or_change_parameter($parameter, $value)
 {
 
$params = array();
 
$output = "?";
 
$firstRun = true;
  foreach(
$_GET as $key=>$val)
  {
   if(
$key != $parameter)
   {
    if(!
$firstRun)
    {
    
$output .= "&";
    }
    else
    {
    
$firstRun = false;
    }
   
$output .= $key."=".urlencode($val);
   }
  }
  if(!
$firstRun)
  
$output .= "&";
 
$output .= $parameter."=".urlencode($value);
  return
htmlentities($output);
 }
?>

Now, I can add a hyperlink to the page (http://www.example.com/script.php?id=1&blah=blah+blah&page=1) like this:
<a href="<?php echo add_or_change_parameter("page", "2"); ?>">Click to go to page 2</a>

The above code will output
<a href="?id=1&amp;blah=blah+blah&amp;page=2">Click to go to page 2</a>

Also, if I was setting "page" to a string rather than just "2", the value would be urlencode()'d.
<a href="<?php echo add_or_change_parameter("page", "banana+split!"); ?>">Click to go to page banana split!</a>
would become
<a href="?id=1&amp;blah=blah+blah&amp;page=banana+split%21">Click to go to page banana split!</a>

[EDIT BY danbrown AT php DOT net: Contains a bugfix provided by (theogony AT gmail DOT com), which adds missing `echo` instructions to the HREF tags.]
strata_ranger at hotmail dot com 17-Jul-2008 05:04
Don't forget, because $_REQUEST is a different variable than $_GET and $_POST, it is treated as such in PHP -- modifying $_GET or $_POST elements at runtime will not affect the ellements in $_REQUEST, nor vice versa.

e.g:

<?php

$_GET
['foo'] = 'a';
$_POST['bar'] = 'b';
var_dump($_GET); // Element 'foo' is string(1) "a"
var_dump($_POST); // Element 'bar' is string(1) "b"
var_dump($_REQUEST); // Does not contain elements 'foo' or 'bar'

?>

If you want to evaluate $_GET and $_POST variables by a single token without including $_COOKIE in the mix, use  $_SERVER['REQUEST_METHOD'] to identify the method used and set up a switch block accordingly, e.g:

<?php

switch($_SERVER['REQUEST_METHOD'])
{
case
'GET': $the_request = &$_GET; break;
case
'POST': $the_request = &$_POST; break;
.
.
// Etc.
.
default:
}
?>