> You can use $this->_getParam('key', 'default'); in a Controller, because > _getParam() use the Request->getParam() method, which tries first to > load the param from the url, then from $_GET and after this from $_POST.
If $this->_getParam() looks at the URL, GET and POST isn't it a potential security issue to use it for POST variables since you don't know exactly where your input variables are coming from? Seems rather similar to $_REQUEST to me which should also be avoided for similar reasons - http://shiflett.org/articles/ideology A quick look at the (nicely growing) manual it seems you can do the following which does the job nicely for POST variables: $myVar = $this->getPost('name'); (See API docs / Zend_Controller_Request_Http for more) There do seem to be a lot of methods that return variables from GET, POST, COOKIE, etc. I think it would be a good idea to mention the security implications of depending on these in the manual.. Si