[Vtigercrm-developers] Why use _REQUEST when we have _POST or _GET?

Jorge Hoya jorge at jorgehoya.es
Mon Oct 8 08:21:38 PDT 2012 

I'm already know why people use _REQUEST but I believe that using it is due
to a bad design into a web application. I asked it to doing people thinking
about this subject. It would be great if in future versions of vtiger the
developers have this issue in mind. 

Thanks for your answer :-)



-----Mensaje original-----
De: vtigercrm-developers-bounces at lists.vtigercrm.com
[mailto:vtigercrm-developers-bounces at lists.vtigercrm.com] En nombre de
vtigercrm-developers-request at lists.vtigercrm.com
Enviado el: lunes, 08 de octubre de 2012 15:36
Para: vtigercrm-developers at lists.vtigercrm.com
Asunto: *** PROBABLY SPAM *** vtigercrm-developers Digest, Vol 81, Issue 13
On Mon, Oct 8, 2012 at 5:03 AM, Jorge Hoya <jorge at jorgehoya.es> wrote:
> Hi all, I have a question:
>
> If I want receive information from a html form, why I use _REQUEST
variable
> if I have the _POST one?

This is a common shortcut taken to avoid losing data when url
variables and form data are mixed together.

> This question comes from the using of _REQUEST
> variable into vTiger's php code (for example:
> customerportal/HelpDesk/SaveTicket.php; modules/Potentials/Save.php).
>
> PHP's official documentation talk's about this subject ( [1], [2]) and
they
> say that the _REQUEST information is not always the same, it depends on
the
> php.ini directives  "request_order" and "variables_order". If we use this
> form:
>
> <form name="frmProbe" action="?txtName=hello" method="post">
>         <input type="text" name="txtName" value="bye" />
>         <input type="submit" name="btnSend" value= "Send" />
> </form>
>
> What will be the value of "txtName" variable? If we change the value of
> php.ini directive "variables_order" (or "request_order"), wich will be the
> new value? What implicattions will this behaviour have on vtiger
> installation? As we can't assure that php's configuration of every web
> server will be the same, we must create web applications that work with
> correct variables:

That's a fair assessment.  You can't expect webhosts to have any
particular configuration, and some settings can't be specified from
within PHP.

> If we expect information from a html form, we should use POST; if we
expect
> information from URL we should use GET.

Opening a page to edit an entity should be a GET, but the subsequent
form submission should be a DELETE, POST or PUT.  I'm in favor of
precise and correct use of HTTP 1.1 methods [5].

>
> This is my opinion, wich is yours?
>
> [1] http://php.net/manual/en/reserved.variables.request.php
> [2] http://www.php.net/manual/en/ini.core.php#ini.request-order
> [3] http://devlog.info/2010/02/04/why-php-request-array-is-dangerous/
> [4]
>
http://stackoverflow.com/questions/1419175/why-would-you-merge-get-and-post-
> in-php

[5]http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

More information about the vtigercrm-developers mailing list