> You can use $this->_getParam('key', 'default'); in a Controller, because
> _getParam() use the Request->getParam() method, which tries first to
> load the param from the url, then from $_GET and after this from $_POST.
If $this->_getParam() looks at the URL, GET and POST isn't it a potential
security issue to use it for POST variables since you don't know exactly
where your input variables are coming from?
Seems rather similar to $_REQUEST to me which should also be avoided for
similar reasons -
http://shiflett.org/articles/ideology
A quick look at the (nicely growing) manual it seems you can do the
following which does the job nicely for POST variables:
$myVar = $this->getPost('name');
(See API docs / Zend_Controller_Request_Http for more)
There do seem to be a lot of methods that return variables from GET, POST,
COOKIE, etc. I think it would be a good idea to mention the security
implications of depending on these in the manual..
Si
