[eluser]Michael Wales[/eluser]
After validation the following 3 ways of accessing your post variables are
identical:
Code:
$_POST['var'];
$this->input->post('var');
$this->validation->post;
With Global XSS filtering on, but not using validation, I believe only the first 2 are identical (as the 3rd would not exist).
Personally, I use $this->input->post() for everything - simply for future-compatibility. What if a security feature is added to the input class but doesn't make it's way into the sanitizing of the $_POST array? This is a much more likely scenario than vice-versa ($_POST[] gets the security update but INPUT does not).