> Is it not true that $HTTP_POST_VARS is more secure than $_POST, even though > the latter is a superglobal? Doesn't the former acount for un-updated > server versions?
> If it isn't, what disadvantage is there to using $HTTP_POST_VARS? Why > should one use $_POST instead? No, $HTTP_xxx is not "more secure". Please read http://php.net/variables.predefined If you're working on a server which is older than PHP4.1.0, then you'll have to use the older $HTTP stuff. If not, you're encouraged to use the newer superglobal form. The $HTTP stuff is disabled by default in PHP5. In terms of backward compatability I'd still advise you to use the newer form, there are very few hosts that still run php4.1.0 (because it has many dangerous bugs). > (P.S.: Aidan Lister, this may be a dumb question, but please don't bother > responding.) Please, you asked a stupid question and got done for it - let's put the past behind us. Hope this helps. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
