[Vtigercrm-developers] Why use _REQUEST when we have _POST or _GET?

Adam Heinz amh at metricwise.net
Mon Oct 8 07:20:28 PDT 2012 

On Mon, Oct 8, 2012 at 5:03 AM, Jorge Hoya <jorge at jorgehoya.es> wrote:
> Hi all, I have a question:
>
> If I want receive information from a html form, why I use _REQUEST variable
> if I have the _POST one?

This is a common shortcut taken to avoid losing data when url
variables and form data are mixed together.

> This question comes from the using of _REQUEST
> variable into vTiger's php code (for example:
> customerportal/HelpDesk/SaveTicket.php; modules/Potentials/Save.php).
>
> PHP's official documentation talk's about this subject ( [1], [2]) and they
> say that the _REQUEST information is not always the same, it depends on the
> php.ini directives  "request_order" and "variables_order". If we use this
> form:
>
> <form name="frmProbe" action="?txtName=hello" method="post">
>         <input type="text" name="txtName" value="bye" />
>         <input type="submit" name="btnSend" value= "Send" />
> </form>
>
> What will be the value of "txtName" variable? If we change the value of
> php.ini directive "variables_order" (or "request_order"), wich will be the
> new value? What implicattions will this behaviour have on vtiger
> installation? As we can't assure that php's configuration of every web
> server will be the same, we must create web applications that work with
> correct variables:

That's a fair assessment.  You can't expect webhosts to have any
particular configuration, and some settings can't be specified from
within PHP.

> If we expect information from a html form, we should use POST; if we expect
> information from URL we should use GET.

Opening a page to edit an entity should be a GET, but the subsequent
form submission should be a DELETE, POST or PUT.  I'm in favor of
precise and correct use of HTTP 1.1 methods [5].

>
> This is my opinion, wich is yours?
>
> [1] http://php.net/manual/en/reserved.variables.request.php
> [2] http://www.php.net/manual/en/ini.core.php#ini.request-order
> [3] http://devlog.info/2010/02/04/why-php-request-array-is-dangerous/
> [4]
> http://stackoverflow.com/questions/1419175/why-would-you-merge-get-and-post-
> in-php

[5]http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

More information about the vtigercrm-developers mailing list