Home/ Questions/Q 7176385
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T16:29:46+00:00

I’ve just completed my registration form for my website and for the action page

  • 0

I’ve just completed my registration form for my website and for the action page where all the SQL takes place I’ve just skipped assigning the POST variable to actual ones, like this…

$username = $_POST[‘username’];

Instead I’ve just been using the POST variables throughout the PHP page. Are there any risks or errors that can be met whilst practicing?

Also, excuse me if I am using incorrect terminology…

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    One risk you might be running is dealing with raw user data, still saved in the raw $_POST[] variable. I tend to save all the raw data I work with to other variables, like you mentioned with $username = $_POST['username'] so I can manipulate and sanitize that input more efficiently. Rather than save any adjustments I make to the global $_POST array, all my changes are saved temporarily and at a more manageable scope.

    For example:

    $username = mysql_real_escape_string($_POST['username']);

    … is better than:

    $_POST['username'] = mysql_real_escape_string($_POST['username']);

    It’s generally better to leave the raw user data as is and make your adjustments in other variables.

    • 0