Solved

Using  $_POST like a regular variable

Posted on 2014-09-24
4
250 Views
Last Modified: 2014-09-24
If I use $_POST variables like  regular variables (see below), does this create a problem?

1. Performance problem?
2. Security problem?
$_POST['filter'.$z]="CF".$z.".FIELDID=".$_POST['filter'.$z];

Open in new window

0
Comment
Question by:myyis
  • 2
4 Comments
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 300 total points
ID: 40341365
$_POST is a regular variable.  It contains external data, which is by definition tainted, therefore you want to study and understand the PHP security implications.  There are no performance implications at all.

References:
http://php.net/manual/en/language.variables.superglobals.php
http://php.net/manual/en/reserved.variables.post.php
http://php.net/manual/en/language.variables.external.php
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40341676
But that said, now that I look at your code sample, you might want to consider a design change.  Instead of re-using the $_POST array for this, consider using an array with a different name, such as $safe_post.  I believe this will lead to less confusion about the contents of your variables.
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 200 total points
ID: 40341763
On all my many PHP form processing pages, I Never use the $_POST variables directly except for checking them and assigning them to 'regular' variables.  If you use $_POST directly, when things like checkboxes do not have values if they are not checked, you get an "undefined index" error.  All my $_POST data gets at least this processing to eliminate the "undefined index" error.
if (!isset($_POST['fname'])){$fname = "";} else {$fname = $_POST['fname'];}

Open in new window

0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40341834
yup. $_POST is unfiltered user input, and can contain ANYTHING - best not to trust, but sanitize appropriately before use :)
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
This article discusses four methods for overlaying images in a container on a web page
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now