$_REQUEST, by default, contains the contents of $_GET, $_POSTand $_COOKIE.

$_REQUEST，默认情况下，包含$_GET,$_POST和的内容$_COOKIE。

But it's only a default, which depends on variables_order; and not sure you want to work with cookies.

但这只是一个默认值，这取决于variables_order; 并且不确定您是否要使用 cookie。

If I had to choose, I would probably not use $_REQUEST, and I would choose $_GETor $_POST-- depending on what my application should do(i.e. one or the other, but not both): generally speaking :

如果我必须选择，我可能不会使用$_REQUEST，我会选择$_GET或$_POST-取决于我的应用程序应该做什么（即一个或另一个，但不是两者）：一般来说：

• You should use $_GETwhen someone is requesting data fromyour application.
• And you should use $_POSTwhen someone is pushing (inserting or updating ; or deleting)data toyour application.

• $_GET当有人从您的应用程序请求数据时，您应该使用。
• $_POST当有人向您的应用程序推送（插入或更新；或删除）数据时，您应该使用它。

Either way, there will not be much of a difference about performances : the difference will be negligible, compared to what the rest of your script will do.

无论哪种方式，性能都不会有太大差异：与脚本的其余部分相比，差异可以忽略不计。

GET vs. POST

GET 与 POST

1) Both GET and POST create an array (e.g. array( key => value, key2 => value2, key3 => value3, ...)). This array holds key/value pairs, where keys are the names of the form controls and values are the input data from the user.

1) GET 和 POST 都创建了一个数组（例如数组（key => value, key2 => value2, key3 => value3, ...)）。该数组包含键/值对，其中键是表单控件的名称，值是来自用户的输入数据。

2) Both GET and POST are treated as $_GET and $_POST. These are superglobals, which means that they are always accessible, regardless of scope - and you can access them from any function, class or file without having to do anything special.

2) GET 和 POST 都被视为 $_GET 和 $_POST。这些是超全局变量，这意味着无论作用域如何，它们始终可以访问 - 您可以从任何函数、类或文件访问它们，而无需执行任何特殊操作。

3) $_GET is an array of variables passed to the current script via the URL parameters.

3) $_GET 是通过 URL 参数传递给当前脚本的变量数组。

4) $_POST is an array of variables passed to the current script via the HTTP POST method.

4) $_POST 是通过 HTTP POST 方法传递给当前脚本的变量数组。

When to use GET?

什么时候使用 GET？

Information sent from a form with the GET method is visible to everyone (all variable names and values are displayed in the URL). GET also has limits on the amount of information to send. The limitation is about 2000 characters. However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be useful in some cases.

使用 GET 方法从表单发送的信息对所有人可见（所有变量名称和值都显示在 URL 中）。GET 对发送的信息量也有限制。限制是大约 2000 个字符。但是，由于变量显示在 URL 中，因此可以为页面添加书签。这在某些情况下很有用。

GET may be used for sending non-sensitive data.

GET 可用于发送非敏感数据。

Note: GET should NEVER be used for sending passwords or other sensitive information!

注意：GET 绝对不能用于发送密码或其他敏感信息！

When to use POST?

什么时候使用POST？

Information sent from a form with the POST method is invisible to others (all names/values are embedded within the body of the HTTP request) and has no limits on the amount of information to send.

使用 POST 方法从表单发送的信息对其他人不可见（所有名称/值都嵌入在 HTTP 请求的正文中）并且对要发送的信息量没有限制。

Moreover POST supports advanced functionality such as support for multi-part binary input while uploading files to server.

此外，POST 支持高级功能，例如在将文件上传到服务器时支持多部分二进制输入。

However, because the variables are not displayed in the URL, it is not possible to bookmark the page.

但是，由于变量未显示在 URL 中，因此无法为页面添加书签。

$_GET retrieves variables from the querystring, or your URL.>

$_POST retrieves variables from a POST method, such as (generally) forms.

$_REQUEST is a merging of $_GET and $_POST where $_POST overrides $_GET. Good to use $_REQUEST on self refrential forms for validations.

$_GET 从查询字符串或您的 URL 中检索变量。>

$_POST 从 POST 方法中检索变量，例如（通常）表单。

$_REQUEST 是 $_GET 和 $_POST 的合并，其中 $_POST 覆盖了 $_GET。最好在自引用表单上使用 $_REQUEST 进行验证。

I'd suggest using $_POSTand $_GETexplicitly.

我建议使用$_POST和$_GET明确。

Using $_REQUEST should be unnecessary with proper site design anyway, and it comes with some downsides like leaving you open to easier CSRF/XSSattacks and other silliness that comes from storing data in the URL.

无论如何，对于适当的站点设计，使用 $_REQUEST 应该是不必要的，它会带来一些缺点，例如让您容易受到CSRF/XSS攻击，以及在 URL 中存储数据带来的其他愚蠢行为。

The speed difference should be minimal either way.

无论哪种方式，速度差异都应该是最小的。

Use REQUEST. Nobody cares about the speed of such a simple operation, and it's much cleaner code.

使用请求。没有人关心这样一个简单操作的速度，而且它的代码更简洁。

Don't worry. But you should still use the second solution (plus an extra check for none of those variables existing), because there are security issues with $_REQUEST(since $_GETand $_POSTaren't the only sources for that array).

别担心。但是您仍然应该使用第二个解决方案（加上对不存在这些变量的额外检查），因为存在安全问题$_REQUEST（因为$_GET并且$_POST不是该数组的唯一来源）。

There was a post about the problems with $_REQUESTyesterday, I believe. Let me go find it.

$_REQUEST我相信昨天有一篇关于问题的帖子。让我去找。

EDIT: Oh well, not directly a post, but here it is anyway: http://kuza55.blogspot.com/2006/03/request-variable-fixation.html

编辑：哦，不是直接的帖子，但无论如何都在这里：http: //kuza55.blogspot.com/2006/03/request-variable-fixation.html

if (isset($_GET['s'])) {
  $temp = $_GET['s'];
}
else {
  $temp = $_POST['s'];
}

Use that because it is safer and it won't make noticeable speed difference

使用它是因为它更安全并且不会产生明显的速度差异

There are certain security concerns involved as a hacker can set a cookie that will override a $_POST or $_GET value. If you handle sensitive data, I would not recommend using $_REQUEST. – Xandor

由于黑客可以设置将覆盖 $_POST 或 $_GET 值的 cookie，因此涉及某些安全问题。如果您处理敏感数据，我不建议使用 $_REQUEST。– 山多

you can't be used $_GETalternative of $_POSTon some case.

在某些情况下，您不能用作$_GET替代品$_POST。

When ??

什么时候 ？？

• when you want to upload a file.
• when you don't won't to show a data in url.

• 当您要上传文件时。
• 当你不想在 url 中显示数据时。

GETalso has limits on the amount of information to send. The limitation is about 2000 characters.

GET对发送的信息量也有限制。限制是大约 2000 个字符。

Other thing's there are few case when you can't retrieve a data using $_POST

其他情况是，您无法使用检索数据的情况很少 $_POST

When ?

什么时候 ？

• when data is passed in URL.

• 当数据在 URL 中传递时。

For Rest Service

休息服务

`GET` - Provides a read only access to a resource.

`PUT` - Used to create a new resource.

there is nothing be wrong to use $_REQUEST.

使用没有任何问题$_REQUEST。

But the way to do that is to check $_SERVER['REQUEST_METHOD'] explicitly, not rely on $_POST being empty for a GET.

但是这样做的方法是显式检查 $_SERVER['REQUEST_METHOD']，而不是依赖 $_POST 为空来获取 GET。

$_GET retrieves variables from the querystring, or your URL.>

$_GET 从查询字符串或您的 URL 中检索变量。>

$_POST retrieves variables from a POST method, such as (generally) forms.

$_POST 从 POST 方法中检索变量，例如（通常）表单。

$_REQUEST is a merging of $_GET and $_POST where $_POST overrides $_GET. Good to use $_REQUEST on self refrential forms for validations.

$_REQUEST 是 $_GET 和 $_POST 的合并，其中 $_POST 覆盖了 $_GET。最好在自引用表单上使用 $_REQUEST 进行验证。

I only ever use _GET or _POST. I prefer to have control.

我只使用 _GET 或 _POST。我更喜欢控制。

What I don't like about either code fragment in the OP is that they discard the information on which HTTP method was used. And that information is important for input sanitization.

我不喜欢 OP 中的任何一个代码片段的是，它们丢弃了有关使用哪种 HTTP 方法的信息。这些信息对于输入清理很重要。

For example, if a script accepts data from a form that's going to be entered into the DB then the form had better use POST (use GET only for idempotent actions). But if the script receives the input data via the GET method then it should (normally) be rejected. For me, such a situation might warrant writing a security violation to the error log since it's a sign somebody is trying something on.

例如，如果脚本接受来自要输入数据库的表单的数据，那么该表单最好使用 POST（仅对幂等操作使用 GET）。但是如果脚本通过 GET 方法接收输入数据，那么它应该（通常）被拒绝。对我来说，这种情况可能需要在错误日志中写入安全违规，因为这是某人正在尝试某些东西的标志。

With either code fragment in the OP, this sanitization wouldn't be possible.

使用 OP 中的任一代码片段，这种清理是不可能的。