Why use $this->security->post['var'] instead of $_POST['var']?

Asked by jsherk

Why would I want to use this:
$myVar = $this->security->post['var'];

instead of this:
$myVar = $_POST['var'];

Is there some advantage to using the security method, or is there some other processing that takes place?


Question information

English Edit question
PHPDevShell Edit question
No assignee Edit question
Solved by:
Last query:
Last reply:
Revision history for this message
Greg (gregfr) said :

This is a field we haven't completed yet. The goal is that you never access a global variable, but instead use accessors from the framework, such as:

$myVar = $this->security->post('var');

There are two benefits:
1- $_POST['var'] might not be defined, in that case you would get a warning (and it would break in strict mode)
2- you can't have pre-processing, for some reason (security or other) you may want to process it (for example have a default non-null value) before using.

Currently, the post array of the security object contains filtered values (sql safe, I think)

Revision history for this message
Best TitanKing (titan-phpdevshell) said :

$myVar = $this->security->post['var']; provides cleanup up and escaped code for safe sql inserts.

Revision history for this message
jsherk (jeff-forerunnertv) said :

Thanks TitanKing, that solved my question.