form variables

[misterx]

I was just wondering if there is a certain way that you are definitely supposed to use variables passed to a script from a form. I usually just call the variable using the name of the form field such as $email.

But I noticed that most people seem to use either $_POST['email']

or

$HTTP_POST_VARS['email']

My question is, does it actually make a difference? Is there a good reason why I would want to use one of the longer versions rather than the way I do it? As always, thanks for the input.

[Jeewhizz]

It makes it more secure. For example, assume that you had the form going to form.php. I could go to www.domain.com/form.php?email=whatever and it'd process it.....

Jee

[mordred]

It also improves readability of your good immensely. Think of a script, 500 lines long, that you haven't touched a year long. Then you suddenly need to make some changes to it, and you run into a bunch of undeclared variables that seem to come from anywhere. No indication (if you don't explicitly comment this) is left *where* the variables come from - GET, POST, cookies, session, server environment... no one knows for sure unless you take the burden of testing this script in a context it's normally used.
Compared against $_POST, it's immediately clear where the variable is supposed to come from. Plus, the new $_POST|GET|etc. predefined variables are super-globals, which means you can access them in functions without the need to import them with the "global" keyword.

[misterx]

Awesome. Thanks for the info. I knew there had to be a reason I just couldn't think of what it was.