HTTP_POST_VARS and _GET - Best Practices

cju

I have coded up a bunch of pages where I do not refer to HTTP_POST_VARS and _GET variables with the prefix.

So instead of $HTTP_POST_VARS[user_id], I simply reference $user_id.

The reasoning was that I have the same variables being submitted to the same page, sometimes by form and sometimes by URL variables. So instead of having to have some IF statement to load a local variable based on whether or not it's a form or URL - I could skip that step and refer to the variable minus the prefix.

Well... I moved the code to my workstation where I installed PHP. I'm sure you know what happened next ... they all broke. Addding the appropriate prefix fixes this problem, but does not answer the bigger questions:

1) Is what I did considerd poor practice and if so, why?

2) If it's not a terrible thing to do, what PHP.ini setting would allow me to run the code on my workstation without modification?

Thanks!

shamly

I too used to do my coding the way you discribed. But i changed to using the prefix inorder to accesss the variables that reside in the URL.
The new versions of PHP does not allow you to access a variable in the url, unless you use $HTTP_POST_VARS or $_GET.

saronoff

To let you continue with what you're doing you would want to look for "register_globals" in the php.ini file and turn it from "off" to "on". That would allow you to continue with what you're doing.

Its not poor practice exactly. But the HTTP_POST_VARS and GET or even POST allow you to know where variables are coming from and delinate based on said information. For example, if you're looking for a variable only via GET and its comes via POST you'll ignore it. The vice versa is also true. This allows some extra security that is removed if register_globals is on.