Why use $this->security->post['var'] instead of $_POST['var']?

Asked by jsherk on 2010-12-24

Why would I want to use this:
$myVar = $this->security->post['var'];

instead of this:
$myVar = $_POST['var'];

Is there some advantage to using the security method, or is there some other processing that takes place?

Thanks

Question information

Language:
English Edit question
Status:
Solved
For:
PHPDevShell Edit question
Assignee:
No assignee Edit question
Solved by:
TitanKing
Solved:
2011-01-17
Last query:
2011-01-17
Last reply:
2011-01-17
Greg (gregfr) said : #1

This is a field we haven't completed yet. The goal is that you never access a global variable, but instead use accessors from the framework, such as:

$myVar = $this->security->post('var');

There are two benefits:
1- $_POST['var'] might not be defined, in that case you would get a warning (and it would break in strict mode)
2- you can't have pre-processing, for some reason (security or other) you may want to process it (for example have a default non-null value) before using.

Currently, the post array of the security object contains filtered values (sql safe, I think)

Best TitanKing (titan-phpdevshell) said : #2

$myVar = $this->security->post['var']; provides cleanup up and escaped code for safe sql inserts.

jsherk (jeff-forerunnertv) said : #3

Thanks TitanKing, that solved my question.