It will only get it from the uri query. To get either one, you use $_REQUEST. To get the uri query only, you use $_GET ($HTTP_GET_VARS is depreciated)

predefined variables [us2.php.net]

well i'm looking at the source code for oscommerce 2.2 and it is using $HTTP_POST_VARS all over the place.

And the usage is on a POST, I just wanted to know if it looks at the querystring also? (it doesn't seem to be when I play around with the URL).

Here is the code from application_top.php:

 // customer wants to update the product quantity in their shopping cart
   case 'update_product' : for ($i=0, $n=sizeof($HTTP_POST_VARS['products_id']); $i<$n; $i++) {
                if (in_array($HTTP_POST_VARS['products_id'][$i], (is_array($HTTP_POST_VARS['cart_delete'])? $HTTP_POST_VARS['cart_delete'] : array()))) {
                 $cart->remove($HTTP_POST_VARS['products_id'][$i]);
                } else {
                 if (PHP_VERSION < 4) {
                  // if PHP3, make correction for lack of multidimensional array.
                  reset($HTTP_POST_VARS);
                  while (list($key, $value) = each($HTTP_POST_VARS)) {
                   if (is_array($value)) {
                    while (list($key2, $value2) = each($value)) {
                     if (ereg ("(.*)\]\[(.*)", $key2, $var)) {
                      $id2[$var[1]][$var[2]] = $value2;
                     }
                    }
                   }
                  }
                  $attributes = ($id2[$HTTP_POST_VARS['products_id'][$i]])? $id2[$HTTP_POST_VARS['products_id'][$i]] : '';
                 } else {
                  $attributes = ($HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]])? $HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]] : '';
                 }
                 $cart->add_cart($HTTP_POST_VARS['products_id'][$i], $HTTP_POST_VARS['cart_quantity'][$i], $attributes, false);
                }
               }
               tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
               break;

[edited by: AffiliateDreamer at 1:27 am (utc) on June 20, 2007]

$HTTP_POST_VARS is for POST variables, not GET (uri query) variables. The script you are looking at is probably older, and that is why it uses the depreciated globals. As I said earlier, $_REQUEST is the only super global that will retrieve both GET and POST variables.

keep in mind when using $_REQUEST, which I do not recommend, is that it also includes $_COOKIE vars. You can get variable corruption when using $_REQUEST

from
[php.net...]

Variables provided to the script via the GET, POST, and COOKIE input mechanisms, and which therefore cannot be trusted. The presence and order of variable inclusion in this array is defined according to the PHP variables_order configuration directive.

Thanks for clearing that up guys.