01-24-2003, 02:54 AM
I was just wondering if there is a certain way that you are definitely supposed to use variables passed to a script from a form. I usually just call the variable using the name of the form field such as $email.
But I noticed that most people seem to use either $_POST['email']
My question is, does it actually make a difference? Is there a good reason why I would want to use one of the longer versions rather than the way I do it? As always, thanks for the input.
01-24-2003, 12:10 PM
It makes it more secure. For example, assume that you had the form going to form.php. I could go to www.domain.com/form.php?email=whatever and it'd process it.....
01-24-2003, 12:26 PM
It also improves readability of your good immensely. Think of a script, 500 lines long, that you haven't touched a year long. Then you suddenly need to make some changes to it, and you run into a bunch of undeclared variables that seem to come from anywhere. No indication (if you don't explicitly comment this) is left *where* the variables come from - GET, POST, cookies, session, server environment... no one knows for sure unless you take the burden of testing this script in a context it's normally used.
Compared against $_POST, it's immediately clear where the variable is supposed to come from. Plus, the new $_POST|GET|etc. predefined variables are super-globals, which means you can access them in functions without the need to import them with the "global" keyword.
01-24-2003, 06:42 PM
Awesome. Thanks for the info. I knew there had to be a reason I just couldn't think of what it was.