I just started to learn PHP and doing things with WordPress and I am a bit confused about information in Codex. Was told that Codex got all info I required but I got stuck with it.
What array fields are in $_REQUEST in WordPress? Can not find it in Codex.
E.g.: people use
$my_contact = $_REQUEST['contact'];
How do they know $_REQUEST has 'contact' field?
Is there any workflow to find informations about variables which are not described in Codex? Should I print off all the array to see what fields are inside?
Google does not help me.. about $_REQUEST.
I just started to learn PHP and doing things with WordPress and I am a bit confused about information in Codex. Was told that Codex got all info I required but I got stuck with it.
What array fields are in $_REQUEST in WordPress? Can not find it in Codex.
E.g.: people use
$my_contact = $_REQUEST['contact'];
How do they know $_REQUEST has 'contact' field?
Is there any workflow to find informations about variables which are not described in Codex? Should I print off all the array to see what fields are inside?
Google does not help me.. about $_REQUEST.
Share Improve this question edited Mar 19, 2012 at 13:21 Michal Mau 3,4272 gold badges29 silver badges35 bronze badges asked Mar 19, 2012 at 12:18 RafalRafal 611 gold badge1 silver badge2 bronze badges 1- Close-voted as off-topic. This is an HTTP question, not a WordPress question. – Chip Bennett Commented Mar 19, 2012 at 12:29
5 Answers
Reset to default 10This is mostly pure PHP, but it does have WordPress twist.
PHP has number of superglobal variables, that contain information relevant to current request. Out of those:
$_GETcontains info from URL (HTTP GET request)$_POSTinfo from form submission (HTTP POST request)$_COOKIESabout cookies set- and
$_REQUESTis combination of the above (according to docs$_COOKIEScan be commonly configured to skip for better security)
However WP enforces its own logic - during load process wp_magic_quotes() processes variables to emulate magic quotes setting and enforces $_REQUEST to contain combination of $_GET and $_POST, no matter what PHP configuration says.
So in WordPress environment it will contain GET and/or POST request data. What data exactly that is will depend entirely which page you are on and what is happening on it.
Just a note about $_REQUEST: Whenever you see this in a code you know it is written by a beginner. As @Rarst explained it is a combination of multiple sources. But why should anyone want to process data which should be send per POST only if they are in fact send per GET?
Do not accept data from an input stream you haven’t declared previously. Use $_GET if you want GET and $_POST if you want POST. Nothing else.
To access POSTed data without WordPress’ intervention use the input stream wrapper php://input.
So, instead of …
// already changed by WordPress when you get it
$data = $_POST;
… use …
// Doesn’t work with 'enctype="multipart/form-data"'
$data = file_get_contents( 'php://input' );
And don’t forget data validation.
You mentioned printing off the array, so you might know how to do this already. You can see all the elements of an array in PHP by executing print_r($_REQUEST);. This would give you the exact information each page has access to from $_REQUEST.
Although the caveat here is that every page might have different keys set. Also, it might be beneficial to write this to a temporary logfile, depending on if you are in production. You wouldn't want your visitors seeing this output.
I needed it just for the test. Did as you advised, wrote all fiels into a file, used hook 'comment_post' to make sure $_REQUEST has data just after a comment is posted.
function rj_comment() {
// sprint_r as print_r
function sprint_r($var) {
ob_start();
print_r($var);
$output=ob_get_contents();
ob_end_clean();
return $output;
}
global $_REQUEST;
$stringData = sprint_r($_REQUEST);
$myFile = "c:/s_request_fiels.txt"; #file name
$fh = fopen($myFile, 'w') or die("can't open file");
fwrite($fh, $stringData);
fclose($fh);
};
add_action ('comment_post','rj_comment');
To answer this following question of yours:
How do they know $_REQUEST has 'contact' field?
My answer is this :
They know because They have written this hidden input field inside the <form> (as the first input field) like bellow:
<input type="hidden" name="contact" value="advanced">
They can also enable their custom search template instead of the default search.php by writing the following code in functions.php
<?php
function wpse_load_custom_search_template(){
if( isset($_REQUEST['contact']) == 'advanced' ) {
require('advanced-search-result.php');
die();
}
}
add_action('init','wpse_load_custom_search_template');
?>
Hope it helps you to understand the fact how do they know what field $_REQUEST has.