Safely extracting variables in PHP
by Amit Arora
Published: August 7, 2003


Issues

  1. Be sure to send the parameters as recommended, because SafeExtract() doesn't check for errors (it was written with performance in mind). If you don't, unexpected results may occur, which could make using SafeExtract() counter-productive.
  2. In certain versions of PHP, if the variable is passed as an array, say

    Order <input type='text' name='order[]' value='' />

    then using SafeExtract() as follows

    SafeExtract( array( 'post' => array('order') ) );

    may not create a variable $order as desired.

    I am following the issue and will post an update as soon as I track it down and solve it. In the meantime, if you wish to pass arrays as variables, you may use something like this:

    $order = (isset($_POST['order']) ? $_POST['order'] : array() );

  3. Using SafeExtract() will not in itself make your script or application completely secure. SafeExtract() doesn't solve all security issues, but it may be able to provide a solution to a couple of them. So do not have a false sense of security, as that is the primary reason for security lapses.
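
The fallback in item 2 accepts whatever shape the client sends for `order`. As an added example (not the author's SafeExtract() and not code from this article), the hypothetical helper `pick_fields()` below returns only whitelisted fields and forces each one to a declared shape; the helper name, the 'scalar'/'list' spec and the sample input are assumptions made for illustration.

```php
<?php
// Added example: NOT the article's SafeExtract(). pick_fields() is a hypothetical helper.

/**
 * Return only the whitelisted fields from $source, each forced to its declared shape.
 * $spec maps field name => 'scalar' or 'list'. Nothing is written to the global scope.
 */
function pick_fields(array $source, array $spec): array
{
    $out = array();
    foreach ($spec as $name => $shape) {
        $value = isset($source[$name]) ? $source[$name] : null;
        if ($shape === 'list') {
            // name='order[]' arrives as an array; a missing or scalar value becomes an empty list.
            $items = is_array($value) ? $value : array();
            // Drop nested arrays (e.g. order[][x]=1) so every element is a plain string.
            $out[$name] = array_values(array_filter($items, 'is_string'));
        } else {
            // A scalar field sent as name[]=... is rejected instead of being cast to "Array".
            $out[$name] = is_string($value) ? $value : '';
        }
    }
    return $out;
}

// Constructed sample input, standing in for $_POST.
$post = array(
    'order'   => array('widget', array('nested' => 'x'), 'gadget'),
    'comment' => array('unexpected array'),
    'admin'   => '1', // not in the whitelist, so it is never returned
);

$clean = pick_fields($post, array('order' => 'list', 'comment' => 'scalar'));
var_dump($clean);
```

Shape checks like these only guarantee the type of each value; the contents still need validation and escaping for wherever they are used, which is the point of item 3.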

About

Amit Arora is a web developer with expertise in developing eCommerce-enabled websites for businesses.
