Solved

Using  $_POST like a regular variable

Posted on 2014-09-24
4
258 Views
Last Modified: 2014-09-24
If I use $_POST variables like  regular variables (see below), does this create a problem?

1. Performance problem?
2. Security problem?
$_POST['filter'.$z]="CF".$z.".FIELDID=".$_POST['filter'.$z];

Open in new window

0
Comment
Question by:myyis
  • 2
4 Comments
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 300 total points
ID: 40341365
$_POST is a regular variable.  It contains external data, which is by definition tainted, therefore you want to study and understand the PHP security implications.  There are no performance implications at all.

References:
http://php.net/manual/en/language.variables.superglobals.php
http://php.net/manual/en/reserved.variables.post.php
http://php.net/manual/en/language.variables.external.php
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40341676
But that said, now that I look at your code sample, you might want to consider a design change.  Instead of re-using the $_POST array for this, consider using an array with a different name, such as $safe_post.  I believe this will lead to less confusion about the contents of your variables.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 200 total points
ID: 40341763
On all my many PHP form processing pages, I Never use the $_POST variables directly except for checking them and assigning them to 'regular' variables.  If you use $_POST directly, when things like checkboxes do not have values if they are not checked, you get an "undefined index" error.  All my $_POST data gets at least this processing to eliminate the "undefined index" error.
if (!isset($_POST['fname'])){$fname = "";} else {$fname = $_POST['fname'];}

Open in new window

0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40341834
yup. $_POST is unfiltered user input, and can contain ANYTHING - best not to trust, but sanitize appropriately before use :)
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question