What's wrong with using $_REQUEST[]?

Question

I\'ve seen a number of posts on here saying not to use the $_REQUEST variable. I usually don\'t, but sometimes it\'s convenient. What\'s wrong with it?

Answer 1

The central problem is that it contains cookies, as others have said.

In PHP 7 you can do this:

$request = array_merge($_GET ?? [], $_POST ?? []);

This avoids the cookie problem and gives you at worst an empty array and at best a merger of $_GET and $_POST with the latter taking precedence. If you are not too bothered with allowing URL injection of parameters through the query string, it's quite convenient.