$_post

spectacell

Hello!

I have a FORM-proccesing question:

Why use $_POST["name"]; when you just aswell can write $name...

is $_POST["name"]; better?

Regards
/Emil

sgoku01

I don't know exactly, but I thought it caused some errors on php 4.3.0 when you don't use $_post.

And $_POST looks much cooler then just the variable name 😃

eoghain

$_POST["name"] is more secure. if you have your variables being automatically mapped then $name could be either a POST var, and GET var, a COOKIE var, or a SESSION var and you don't know where it came from.

This can cause you problems like if you have a var named $admin that you set in a session after you've logged in, and then check to see if you should show an admin menu. So if you were just checking $admin and not $_SESS["admin"] a user could call your page with ?admin=1 added to the end of the URL (or something like that, and possibly get access to your administration tools.

The best practice is to always use $_ variables so that you know you exactly what you are looking for/at.

spectacell

ok thanks for the help!

ahundiak

The other issue is that starting with PHP 4.1, the register_globals variable defaults to off. So just using $name does not work at all.

It's best to use $POST,$GET,$_COOKIE etc. at least until the php developers change again.