Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]

Question

Besides the fact that $_REQUEST reads from cookies, are there any reasons why I should use $_GET and $_POST instead of $_REQUEST? What are theoretical and practical reasons for doing so?

Answer 1

I use $_REQUEST when I just want certain data from the user to return certain data.

Never use $_REQUEST when the request will have side effects. Requests that produce side effects should be POST (for semantic reasons, and also because of basic CSRF stuff, a false img tag can hit any GET endpoint without a user even knowing).

$_GET should be used when GETing or POSTing to a page will produce different results.

Answer 2

Besides the fact that $_REQUEST reads from cookies

Besides the fact that this is undefined (It's configurable on a per-installation level), the problem using $_REQUEST is that it over-simplifies things. There is (or should be) a semantic difference between a GET request and a POST request. Thus it should matter to your application if you get input from one source or the other. This is how the HTTP protocol is defined, so by ignoring it, you are undermining the protocol, which makes your application less interoperable. It's the same type argument that can be made for using semantic HTML markup, rather than presentation-oriented markup. Or more generally, following the intentions of a protocol rather than just doing whatever works in the concrete situation.