Home > Uncategorized > Use $_REQUEST Sparingly

Use $_REQUEST Sparingly

Just tracked down an interesting bug that I thought should be mentioned.  Here’s the references so we all understand this a bit better.

$_REQUEST contains a combination of $_GET, $_POST, and $_COOKIE by default.

The variables_order configuration (php.ini) is what determines the content of that $_REQUEST array.

variables_order = GPC

This means that GET, POST, and COOKIE are all mashed up in the $_REQUEST array.   Each one overriding the previous key/value pairs if they exist.

One feature our application has is the ability to track the last selected tab on a page by storing the tab_id in a cookie.  This is only set when you visit certain tabs.   Some time later a new feature was created that also used a tab_id field.  A random bug started occurring where the tab_id for the new report was not at all correct, causing incorrect data to be saved.

Turns out the cookie data was to blame.  This bug only showed up if you had visited one of the tabs that saved the tab_id to your cookie.    The javascript for the new report was explicitly posting the data but the controller was receiving the wrong value, because it was using $_REQUEST.   Since cookie values override post values the controller was seeing the tab_id from the cookie ($_COOKIE) instead of the $_POST value we really wanted.

You should be using the most restrictive superglobal possible, in this case POST should have been used instead of REQUEST.

Categories: Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: