What happens if you assign a value to $_REQUEST?

Jannie Theunissen · Jun 19, 2012 · Viewed 7.8k times

I recently came across this line in a PHP script:

$_REQUEST['start_date']=$date;

Is it allowed or useful in any way to assign something to the super global $_REQUEST variable? If there is a $_COOKIE['start_date'] will this change the cookie value?

Answer

jedwards · Jun 19, 2012

Yes, it's allowed and might be helpful for a number of reasons.

  • Debugging -- If, for some reason, you want to "force" a certain request parameter, you can set a value in the $_REQUEST, $_GET, or $_POST arrays. This would override any value sent by the requesting page, which may be desired.
  • Because you're going to do something with the entire array -- if you want to, for example, json_encode all of the $_REQUEST key-value pairs as well as some additional values, it might be faster to just "add" values to $_REQUEST in this manner, then pass $_REQUEST to json_encode().

Regarding your question about $_COOKIE, no, you can't change the value of a cookie that way, only access it.

Note from author: The following example was added as a suggested and approved edit to my original answer. And while it may work, there are better ways to protect your site from injection attacks (e.g. prepared statements). IMHO, a prudent programmer should strongly consider these approaches before relying on the code below.

Think about preventing SQL injection attacks on your website. That simple code will stop them for all $_REQUEST variables (mysqli example):

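function injectionwall($dbinterface)
{
    // Escape every request value in place. array_walk_recursive also reaches
    // nested values such as ?ids[]=1, which real_escape_string() cannot take directly.
    array_walk_recursive($_REQUEST, function (&$data) use ($dbinterface)
    {
        $data = $dbinterface->real_escape_string($data);
    });
}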

All $_REQUEST variables are now safe to use :)
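
An added example, not part of the original answer: it shows that writing to $_REQUEST leaves $_COOKIE and $_GET untouched, so an escaping pass over $_REQUEST does not cover code that reads the other arrays, while a prepared statement (the approach the author's note recommends) binds the raw value safely. The request data, the guests table, the check() helper and the quote-doubling stand-in for real_escape_string() are assumptions made so the script runs offline with PDO SQLite on PHP 7.4 or later.

```php
<?php
// Constructed request data; in a real request PHP fills these arrays itself.
$_GET     = ['name' => "O'Brien"];
$_COOKIE  = ['start_date' => '2012-06-01'];
$_REQUEST = array_merge($_COOKIE, $_GET); // stand-in for PHP's own merge

// Hypothetical helper: stop loudly if an expectation does not hold.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("unexpected: $what");
    }
    echo "ok: $what\n";
}

// 1. Assigning to $_REQUEST touches only $_REQUEST, not the source arrays.
//    The browser's cookie changes only when a Set-Cookie header is sent.
$_REQUEST['start_date'] = '2012-06-19';
check($_COOKIE['start_date'] === '2012-06-01', '$_COOKIE is unchanged');

// 2. An escaping pass over $_REQUEST therefore leaves $_GET raw. The
//    quote-doubling closure is a stand-in for real_escape_string(), which
//    needs a live MySQL connection.
$escape = fn(string $s): string => str_replace("'", "''", $s);
foreach ($_REQUEST as $key => $value) {
    $_REQUEST[$key] = $escape($value);
}
check($_REQUEST['name'] === "O''Brien", '$_REQUEST was escaped');
check($_GET['name'] === "O'Brien", '$_GET still holds the raw value');

// 3. A prepared statement binds the raw value as data, so it does not
//    matter which array the code reads from. Hypothetical table, in-memory
//    SQLite via PDO instead of the answer's mysqli.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guests (name TEXT, start_date TEXT)');
$insert = $db->prepare('INSERT INTO guests (name, start_date) VALUES (?, ?)');
$insert->execute([$_GET['name'], $_COOKIE['start_date']]);

$select = $db->prepare('SELECT start_date FROM guests WHERE name = ?');
$select->execute([$_GET['name']]);
check($select->fetchColumn() === '2012-06-01', 'bound value matched exactly');
```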