What's wrong with using $_REQUEST[]?

Question

I\'ve seen a number of posts on here saying not to use the $_REQUEST variable. I usually don\'t, but sometimes it\'s convenient. What\'s wrong with it?

Answer 1

It's important to understand when to use POST, when to use GET and when to use a cookie. With $_REQUEST, the value you're looking at could have come from any of them. If you expect to get the value from a POST or a GET or from a COOKIE, it's more informative to someone reading your code to use the specific variable instead of $_REQUEST.

Someone else pointed out also that you don't want to all POST's or cookies to be overridden by GETs because there are different cross-site rules for all of them, for instance, if you return ajax data while using $_REQUEST, you are vulnerable to a cross site script attack.