PHP: Is it bad practice to use an unset variable?

Question

For example, if I want to use the code:

$foo = $_POST['foo']. $_GET['foo'];

to get a value whether passed by POST or GET, is this acceptable or bad practice?

Answer 1

Don't see anything in your answer which is to be unsetted, though you can use $_REQUEST['foo'], as that will consider $_POST as well as $_GET but again, your code will be dirty, say for example I tweaked the method value, for login form, users can easily attack your website...

So be wise, use $_GET[] and $_POST[] instead of using loose $_REQUEST[]

If for any means, you are using $_REQUEST thank make sure you use conditions to check whether the request is GET or POST using $_SERVER['REQUEST_METHOD']

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
   //Do something
}

Answer 2

I would go with:

$foo = isset($_REQUEST['foo']) ? $_REQUEST['foo'] : null;

More at: http://php.net/manual/pt_BR/reserved.variables.request.php

Answer 3

to get value whether passeb by POS or GET use this

$foo = $_REQUEST['foo'];

Answer 4

If you configure your development server PHP to throw all warnings, you will find out.

Answer 5

why are you using . operator, if i am not wrong this would concatenate the result, as the above suggested using $_REQUEST would be the better approach.

Answer 6

Yes, it's terrible. There are two problems:

1. It will raise a warning
2. Concatenation is not suited for this use case

If you want to get a key from either $_POST, or $_GET, and you don't care which one the key is present in, you can use the $_REQUEST superglobal with the following idiom:

$var = isset($_REQUEST['foo']) ? $_REQUEST['foo'] : null;

$_REQUEST is the union of $_GET and $_POST.