Say I have a form:
<form action="form.php?redirect=false" method="post">
<input type="hidden" name="redirect" value="true" />
<input type="submit" />
</form>
On form.php:
var_dump($_GET['redirect']) // false
var_dump($_POST['redirect']) // true
var_dump($_REQUEST['redirect']) // true
How do I get the injected query string parameter to override the $_POST
value so $_REQUEST['redirect']
will = false
?
Now, There are total three super global variables to catch this data in PHP. $_POST : It can catch the data which is sent using POST method. $_GET : It can catch the data which is sent using GET method. $_REQUEST : It can catch the data which is sent using both POST & GET methods.
How to use it? Before you can use the the $_POST variable you have to have a form in html that has the method equal to POST. Then in the php, you can use the $_POST variable to get the data that you wanted. The $_POST syntax is ($_POST['name of the form field goes here']).
PHP $_REQUEST is a PHP super global variable which is used to collect data after submitting an HTML form. The example below shows a form with an input field and a submit button. When a user submits the data by clicking on "Submit", the form data is sent to the file specified in the action attribute of the <form> tag.
The PHP $_REQUEST is a PHP superglobal variable that is used to collect the data after submitting the HTML forms as the $_REQUEST variable is useful to read the data from the submitted HTML open forms. $_REQUEST is an associative array that by default contains contents of an $_GET, $_POST, and $_COOKIE.
If you want to change precedence of $_GET
over $_POST
in the $_REQUEST
array, change the request_order directive in php.ini.
The default value is:
request_order = "GP"
P stands for POST and G stands for GET, and the later values have precedence, so in this configuration, a value in the query string will override a value passed by POST in the $_REQUEST
array. If you want POST to override GET values, just switch them around like so:
request_order = "PG"
You'll need to restart the webserver/php for that to take effect.
(Edited to use the more appropriate request_order as Brad suggested, rather than variables_order)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With