Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 265
  • Last Modified:

Using $_POST like a regular variable

If I use $_POST variables like  regular variables (see below), does this create a problem?

1. Performance problem?
2. Security problem?
$_POST['filter'.$z]="CF".$z.".FIELDID=".$_POST['filter'.$z];

Open in new window

0
myyis
Asked:
myyis
  • 2
2 Solutions
 
Ray PaseurCommented:
$_POST is a regular variable.  It contains external data, which is by definition tainted, therefore you want to study and understand the PHP security implications.  There are no performance implications at all.

References:
http://php.net/manual/en/language.variables.superglobals.php
http://php.net/manual/en/reserved.variables.post.php
http://php.net/manual/en/language.variables.external.php
0
 
Ray PaseurCommented:
But that said, now that I look at your code sample, you might want to consider a design change.  Instead of re-using the $_POST array for this, consider using an array with a different name, such as $safe_post.  I believe this will lead to less confusion about the contents of your variables.
0
 
Dave BaldwinFixer of ProblemsCommented:
On all my many PHP form processing pages, I Never use the $_POST variables directly except for checking them and assigning them to 'regular' variables.  If you use $_POST directly, when things like checkboxes do not have values if they are not checked, you get an "undefined index" error.  All my $_POST data gets at least this processing to eliminate the "undefined index" error.
if (!isset($_POST['fname'])){$fname = "";} else {$fname = $_POST['fname'];}

Open in new window

0
 
Dave HoweSoftware and Hardware EngineerCommented:
yup. $_POST is unfiltered user input, and can contain ANYTHING - best not to trust, but sanitize appropriately before use :)
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now