Today, we will discuss the most prominent and useful superglobal in PHP, $_REQUEST, to get user input. The $_REQUEST array lets you retrieve this data, whether it comes through a form, a URL, or cookies in direct contact with the user.
This superglobal can contain a wide variety of data derived from different HTTP request methods; for example, it consolidates $_GET, $_POST, and $_COOKIE data into a single, convenient array.
Therefore, if we are dealing with forms or user interactions, this variable helps us avoid creating a handler for each request type.
What is $_REQUEST and How Does it Work in PHP?
PHP $_REQUEST is a pre-defined (superglobal) array. This also means you do not need to include it or initialize it—it always works.
Treat it like a collection of all data sent to the script at once, whether it is fetched with forms, or sent directly with query strings or cookies.
This lets you access user input all in one place with $_REQUEST. When a user submits a form, types a URL with query parameters, or triggers any action using GET, POST, or COOKIE data, $_REQUEST captures that input. It then stores everything in one convenient location.
This is very useful when you may not know which request method a user will use, as $_REQUEST merges them all.
Note: You have to keep in mind that the array order is GET, POST, then COOKIE data, meaning for any duplicate keys, the default value will come from GET values first, then POST, then COOKIE. If you have a key named “user” in both GET and POST requests, $_REQUEST will take the value from GET.
Why Would I Use PHP $_REQUEST Over Other Superglobals?
The choice between $_REQUEST, $_GET, $_POST, or $_COOKIE depends on the level of control needed. GET, POST, and COOKIE each capture data from specific request methods. So, it helps to know exactly how users will send data.
When you need flexibility or use multiple request methods, $_REQUEST becomes very useful. You won’t need separate handlers for each method.
For example, with a form submission using both GET and POST, $_REQUEST reads both automatically. No extra coding is required.
Next, you’ll learn how to retrieve data with $_REQUEST. It also includes a few simple examples to show how it works.
How to Access Data in PHP $_REQUEST
Using $_REQUEST is straightforward. You use it like an array—just provide the key of the data you want to retrieve. Here’s a simple example:
$username = $_REQUEST['username'];
echo "Hello, " . htmlspecialchars($username);The username in the code above is extracted from any incoming GET, POST, or COOKIE request.
Again, (and this is the last point I’ll make): always sanitize input when working with user data. This helps protect your application from security vulnerabilities.
In this example, htmlspecialchars guards against cross-site scripting (XSS) attacks by converting special characters to their HTML entities.
Now, let’s look at some examples.
Examples of Use Cases of PHP $_REQUEST
Multi-Step Form Handling:
Suppose you are creating a login page where users can submit credentials either as a GET or as a POST.
Using $_REQUEST means you can access either in an easy manner without having to check extra code to see if the GET or the POST method was used.
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];Handling Data as One Piece in Multi-Step Forms with PHP $_REQUEST.
Multi-step forms may mean that data can come from a variety of requests as the users go from step to step.
By using $_REQUEST, you keep your data handling lean. Rather than specifying any of the methods, you catch all form data as users progress through it; this cleans up the code and makes it easier to manage.
Wrapping Up
PHP provides the $_REQUEST superglobal variable for handling data from user submission forms, URLs, and cookies.
It expands and merges GET, POST, and COOKIE data into a single super-array, allowing user data to be accessed through a single, convenient method instead of requiring separate handlers for each type.
When working with multi-step forms or mixed-method requests, $_REQUEST simplifies coding and ensures you can access the data you need. However, always sanitize user inputs to maintain security.