PHP 5.3 is moving away from using global predefined variables such as $ _POST to avoid vulnerabilities.
The problem, as I understand it, is that programmers who have never had to use $ _POST or $ _GET could treat it like any other variable and open themselves up to security risks.
I have not yet discovered the “right” way to get $ _POST data, but the method I use seems pretty sanitary.
<?php parse_url(file_get_contents("php://input"), $_POST);
This transfers the parsed HTTP POST string to the $ _POST variables
user1864983
source share