Safely extracting variables in PHP
Published: August 7, 2003
Issues
- Be sure to send the parameters as recommended, because SafeExtract() doesn't check for errors (it was written with performance in mind). If you don't, unexpected results may occur, and using SafeExtract() could prove counter-productive.
- In certain versions of PHP, if the variable is passed as an array, say
  Order <input type='text' name='order[]' value='' />
  then using SafeExtract() as follows
  SafeExtract( array( 'post' => array('order') ) );
  may not create the variable $order as desired.
  I am following the issue and will post an update as soon as I track it and solve it. In the meantime, if you wish to pass arrays as variables, you may use something like this:
  $order = (isset($_POST['order']) ? $_POST['order'] : array() );
- Using SafeExtract() will not in itself make your script or application completely secure. SafeExtract() doesn't solve all security issues, but it may provide a solution to a couple of them. So do not have a false sense of security, as it is the primary reason for security lapses.
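
The array workaround in the second item only covers a missing field; a client can still send order as a plain string or as a nested array. The following is an added example, not code from the original article: the helper name get_array_param() and the sample inputs are assumptions, and it normalizes such input to a flat list of strings.

```php
<?php
// Added example, not part of the original article. The helper name
// get_array_param() is hypothetical; $_POST is replaced by constructed
// sample arrays so the script runs from the command line.

/**
 * Return $source[$name] as a flat list of strings.
 * - missing key             -> empty array
 * - scalar instead of array -> empty array (client sent order=... not order[]=...)
 * - nested arrays           -> dropped (client sent order[][x]=...)
 */
function get_array_param(array $source, $name, $maxItems = 100)
{
    if (!isset($source[$name]) || !is_array($source[$name])) {
        return array();
    }
    $clean = array();
    foreach ($source[$name] as $value) {
        if (count($clean) >= $maxItems) {
            break;                      // cap the number of accepted items
        }
        if (is_scalar($value)) {
            $clean[] = (string) $value; // keys are renumbered, client keys ignored
        }
    }
    return $clean;
}

// Constructed request bodies, as PHP would have parsed them into $_POST.
$samples = array(
    'expected form'  => array('order' => array('10', '20')),
    'scalar instead' => array('order' => '10'),
    'nested array'   => array('order' => array('10', array('x' => 'y'))),
    'field missing'  => array(),
);

foreach ($samples as $label => $post) {
    $order = get_array_param($post, 'order');
    echo $label, ': ', json_encode($order), "\n";
}
```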
About
Amit Arora is a web developer with expertise in developing eCommerce-enabled websites for businesses.
