Home/ Questions/Q 8255877
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T01:40:38+00:00

I am thinking of making a loop to gather all my $_POST variables and

  • 0

I am thinking of making a loop to gather all my $_POST variables and assign them to dynamically named variables.Something like this (not tested)

 for($i; $i <= $_POST[].length; $i++){
  ${$_POST[i]} = $_POST[i]
  }

But I am wondering about the security of something like this. This would then create a variable in the system for every bit of post data sent to the page. Can that variable be damaging even if the script I write doesn’t reference it? Is this the type of thing I should avoid entirely? I have some pages that send quite a few variables and a script like this would prevent a whole lot of writing, but is it safe enough?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes there can be security concerns/problems, for example one could overwrite any local variables which are already set, like database, config values ect.

    So something like this should be avoided:

    $yourImportantVar = 'Something relies on this';

//User POSTS yourImportantVar=overwritten
foreach ($_POST as $key => $value) {
    $$key = $value; 
}
echo $yourImportantVar; //overwritten

    But if you want to implement a loop to save a chunk of code, you could create an allowed array which you loop over and extract out the value from the $_POST.

    foreach (array(
    'name',
    'address',
    'somethingelse',
    'ect'
) as $key) {
    $$key = isset($_POST[$key]) ? $_POST[$key] : null;
}
    • 0