When and why should $_REQUEST be used instead of $_GET / $_POST / $_COOKIE?

I’d say never.

If I wanted something to be set via the various methods, I’d code for each of them to remind myself that I’d done it that way – otherwise you might end up with things being overwritten without realising.

Shouldn’t it work like this:

$_GET = non destructive actions (sorting, recording actions, queries)

$_POST = destructive actions (deleting, updating)

$_COOKIE = trivial settings (stylesheet preferences etc)

$_SESSION = non trivial settings (username, logged in?, access levels)

Leave a Comment