krycek
03-26-2003, 02:16 AM
Hmmm, seems like only yesterday that the PHP site was harping on about how we should use $HTTP_POST_VARS and friends instead of the equivalent $_POST - at least, I think they were, or maybe I got confused.
Now it seems that $_POST style is recommended over $HTTP_POST_VARS style, in part because the $_POST style ones are apparently superglobals...? Hmmm...
Any thought on this, anyone? Which are you "supposed" to use (both are supported) plus the advantages etc.
I have found in some cases I have had to declare $_POST inside a function, which I should not have to do, and of course that tends to muck things up a bit, which is why perhaps I should stick to the other way...?
::] krycek [::
whitty
03-26-2003, 04:10 AM
Use $_POST because like you said it's superglobal. In new versions of php register globals are turned off be default.
Here is what php.net has to say about them both
Note: Introduced in 4.1.0. In earlier versions, use $HTTP_POST_VARS.
An associative array of variables passed to the current script via the HTTP POST method. Automatically global in any scope.
This is a 'superglobal', or automatic global, variable. This simply means that it is available in all scopes throughout a script. You don't need to do a global $_POST; to access it within functions or methods, as you do with $HTTP_POST_VARS.
$HTTP_POST_VARS contains the same initial information, but is not an autoglobal. (Note that HTTP_POST_VARS and $_POST are different variables and that PHP handles them as such)
If the register_globals directive is set, then these variables will also be made available in the global scope of the script; i.e., separate from the $_POST and $HTTP_POST_VARS arrays. For related information, see the security chapter titled Using Register Globals. These individual globals are not autoglobals
krycek
03-26-2003, 04:14 AM
kinda like I thought, then :) cheers! :thumbsup:
::] krycek [::
firepages
03-27-2003, 04:15 AM
pre $_POST users were encouraged to use $HTP_POST_VARS as a secure alternative to $post_variable.
"I have found in some cases I have had to declare $_POST inside a function"
then you have issues elsewhere , $_POST is always global in scope ... note that
$_POST['variable']
and
$_POST[variable]
are in fact 2 different variables which does sometimes cause confusion , especially when $_POST[variable] will take on the value of $_POST['variable'] (if exists) if 'variable' is not defined.
