Reputation: 3059
PHP $_REQUEST $_GET or $_POST
Say I have a form:
<form action="form.php?redirect=false" method="post">
<input type="hidden" name="redirect" value="true" />
<input type="submit" />
</form>
On form.php:
var_dump($_GET['redirect']) // false
var_dump($_POST['redirect']) // true
var_dump($_REQUEST['redirect']) // true
How do I get the injected query string parameter to override the $_POST value so $_REQUEST['redirect'] will = false ?
Upvotes: 7
Views: 5737
Answers (6)
Reputation: 101
I just wanted to add in @Chris Hepner 's answer, that as he said:
"the later values have precedence",
later being the letter P than G, and so it means that the POST values have precedence and that POST values overwrite the GET values.
A code example:
<?php
echo ini_get('request_order')."\n";
echo ini_get('variables_order')."\n";
echo var_export($_REQUEST,1);
?>
Results in:
EGPCS
array (
'abc' => '5',
'fed' => '2',
'cde' => '8',
...
)
I added this comment for others looking for information on this
Upvotes: 0
Reputation: 1552
If you want to change precedence of $_GET over $_POST in the $_REQUEST array, change the request_order directive in php.ini.
The default value is:
request_order = "GP"
P stands for POST and G stands for GET, and the later values have precedence, so in this configuration, a value in the query string will override a value passed by POST in the $_REQUEST array. If you want POST to override GET values, just switch them around like so:
request_order = "PG"
You'll need to restart the webserver/php for that to take effect.
(Edited to use the more appropriate request_order as Brad suggested, rather than variables_order)
Upvotes: 11
Reputation: 47776
If you meant false at that last line there, and want $_REQUEST to still have data from both POST and GET data, and don't want to mess with the config, use this:
$_REQUEST = array_merge($_POST, $_GET);
Upvotes: 0
Reputation: 163334
See the request_order directive in PHP.ini.
Really though, you should be explicitly using the superglobal that you specifically want. Otherwise, you cannot rely on consistent behavior from system to system, and then your variables can be accidentally overwritten.
Upvotes: 4
Reputation: 39872
See the request order parameter of PHP. Here you can set whether the array fills post, get, cookie or any combo thereof.
Upvotes: 2
Reputation: 5115
$_REQUEST['redirect'] = $_POST['redirect'];
or
$_REQUEST['redirect'] = $_GET['redirect'];
depending on what you want
Upvotes: 0
Related Questions
- $_POST and $_GET
- POST/GET in PHP
- PHP - Diffrentiating between GET and POST request
- Capturing variable value from URL in PHP which is best, $_GET or $_REQUEST?
- PHP $_POST, $_GET, or $_REQUEST
- is $_REQUEST unsafe to use instead of $_POST or $_GET?
- Which method to be used?
- PHP : Post get method, need some advice
- PHP $_REQUEST Variable
- post vs get for URL params?