PHPDevShell

Why use $this->security->post['var'] instead of $_POST['var']?

Asked by jsherk on 2010-12-24

Why would I want to use this:
$myVar = $this->security->post['var'];

instead of this:
$myVar = $_POST['var'];

Is there some advantage to using the security method, or is there some other processing that takes place?

Thanks

Question information

Language:: English Edit question

Status:: Solved

For:: PHPDevShell Edit question

Assignee:: No assignee Edit question

Solved by:: TitanKing

Solved:: 2011-01-17

Last query:: 2011-01-17

Last reply:: 2011-01-17

Link existing bug

Greg (gregfr) said on 2010-12-27:

This is a field we haven't completed yet. The goal is that you never access a global variable, but instead use accessors from the framework, such as:

$myVar = $this->security->post('var');

There are two benefits:
1- $_POST['var'] might not be defined, in that case you would get a warning (and it would break in strict mode)
2- you can't have pre-processing, for some reason (security or other) you may want to process it (for example have a default non-null value) before using.

Currently, the post array of the security object contains filtered values (sql safe, I think)

TitanKing (titan-phpdevshell) said on 2011-01-17:

$myVar = $this->security->post['var']; provides cleanup up and escaped code for safe sql inserts.

jsherk (jeff-forerunnertv) said on 2011-01-17:

Thanks TitanKing, that solved my question.

To post a message you must log in.

Ask a question

Edit question

PHPDevShell

Why use $this->security->post['var'] instead of $_POST['var']?

Question information

Related bugs

Related FAQ:

Subscribers