Safely extracting variables in PHP
Published: August 7, 2003
- Be sure to send the parameters as recommended, because SafeExtract() doesn't check for errors (as it was written with performance in mind). If you don't, unexpected results may occur and could prove counter-productive to use of
- In certain versions of PHP, if the variable is passed as an array, say
Order <input type='text' name='order' value='' />
then using
SafeExtract( array( 'post' => array('order') ) );
may not create a variable
I am following the issue and will post an update as soon as I track it down and solve it. In the meantime, if you wish to pass arrays as variables, you may use something like this:
$order = (isset($_POST['order']) ? $_POST['order'] : array() );
SafeExtract() will not in itself make your script or application completely secure.
SafeExtract() doesn't solve all security issues but may be able to provide a solution to a couple of them. So do not have a false sense of security, as it is the primary reason for security lapses.
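The array workaround shown earlier, generalized as an added example that is not part of the original article and is not SafeExtract() itself: a hypothetical helper, extract_allowlisted(), that takes the same source-to-names layout, returns only allowlisted request variables, and forces each one to the expected shape. The 'scalar'/'array' keywords, the helper name and the sample request data are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not the article's SafeExtract().
// $spec maps a source name ('post', 'get', ...) to the allowed variable
// names, each with its expected shape: 'scalar' or 'array'.
function extract_allowlisted(array $spec, array $sources): array
{
    $out = array();
    foreach ($spec as $source => $names) {
        $input = (isset($sources[$source]) && is_array($sources[$source]))
            ? $sources[$source] : array();
        foreach ($names as $name => $shape) {
            $default = ($shape === 'array') ? array() : '';
            $value = array_key_exists($name, $input) ? $input[$name] : $default;
            if ($shape === 'array') {
                // Keep only string elements; nested arrays are dropped.
                $value = is_array($value)
                    ? array_values(array_filter($value, 'is_string'))
                    : $default;
            } elseif (!is_string($value)) {
                // A client can send comment[]=x to turn a text field into an array.
                $value = $default;
            }
            $out[$name] = $value;
        }
    }
    return $out;
}

// Constructed sample data standing in for $_POST.
$sources = array('post' => array(
    'order'    => array('widget', 'gadget'),
    'comment'  => array('unexpected'), // array sent where a string is expected
    'is_admin' => '1',                 // not allowlisted, so never extracted
));

$vars = extract_allowlisted(
    array('post' => array('order' => 'array', 'comment' => 'scalar', 'coupon' => 'scalar')),
    $sources
);
var_dump($vars);
```

Returning an array instead of creating variables in the calling scope keeps request data from overwriting existing variables; the caller assigns what it needs, for example `$order = $vars['order'];`.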