$_POST just wondering

[asmith]

hey guys

it's been a while i'm using php , i'm coding ....

 

at the time i began till now , i always used POST variables just the way they were , for example :

 

$_POST[name] , $_POST[username] .

 

but i noticed that everyone else do this first before using them :

 

$name = $_POST[name];

$username = $_POST[username];

 

then they use $name and $username ....

 

i was just wondering why doing this ? 

 

( i hope the one and only answer will be "just to type , use , code easily !    if it has something to do with security or something i'll kick myself ! lol )

[rajivgonsalves]

Well I would say to type and use code properly also you might want to keep your $_POST array intact while change the variables that they are assigned too... however it does get me to think why we do it..

[asmith]

i've looked into 2 php5 books,  at the beginning of each coding they had done it too without any explanation ,  maybe it is just a behavior ?

as people learning php from books , they do it as they read on the books... maybe?

 

 

 

Well I would say to type and use code properly also you might want to keep your $_POST array intact while change the variables that they are assigned too.

 

good point  , but most codes i saw, never change the $_POST or the assigned variable .

[rajivgonsalves]

I feel its good practice more than anything...

[cooldude832]

its because 99% of the time the raw $_POST data has to be verified. and since  you cant manipulate the superglobal you reassign it

[mr_mind]

You may need to alter the posted item in such a way and not want to change the origional.

 

for exaple entering items into the db:

 

<?php
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$qrry = mysql_query("SELECT * FROM users WHERE user='" . $user . "' AND $pass='" . $pass . "'");
?>

 

If you just used the raw data someone could post false information like this

 

user: admin

pass: ' OR ''=''

 

and you would have admin logged in without permission

[Northern Flame]

yea I always put the post data into variables because I know that I always end up

adding to the variables, such as mr_mind did,

and if you have each post variable written out in your script as $_POST['data'] it makes

it harder to edit each and every post data, but if you have it in a variable,

you can go back and just edit the variable once and it changes all of them.

[Johnain]

I am new to php as well. When I saw that people tend to do this I assumed that it was to speed processing, and to only have to do the isset once and manage for absence of post data only once.

 

John

[revraz]

It's also easier to deal with when you use it in strings that require double and single quotes.

[Daniel0]

and since you cant manipulate the superglobal you reassign it

 

Uh... yes you can.

 

Edit: Oh, and asmith, take a look at http://php.net/types.array#language.types.array.foo-bar

 

Edit 2: I don't see any point in reassigning the variables if you do nothing to them, I hate when people do like this:

<?php
$param1 = $_GET['param1'];
$param2 = $_GET['param2'];
// ...
$param15 = $_GET['param15'];
$param16 = $_GET['param16'];

// do stuff...
?>

[mr_mind]

yes but what about this. If you have the $_POST variable echoed a whole bunch of times in your script and you change the name of your post variable or anything in that area you need to change it throughout your entire script. if you assign it a variable at the begining of the script then you dont.

[Daniel0]

IMO if you have to do that (echo it out a lot of times) then you haven't designed the code properly. Otherwise your editor will still have a search-replace function.