Solved

Using  $_POST like a regular variable

Posted on 2014-09-24
4
255 Views
Last Modified: 2014-09-24
If I use $_POST variables like  regular variables (see below), does this create a problem?

1. Performance problem?
2. Security problem?
$_POST['filter'.$z]="CF".$z.".FIELDID=".$_POST['filter'.$z];

Open in new window

0
Comment
Question by:myyis
  • 2
4 Comments
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 300 total points
ID: 40341365
$_POST is a regular variable.  It contains external data, which is by definition tainted, therefore you want to study and understand the PHP security implications.  There are no performance implications at all.

References:
http://php.net/manual/en/language.variables.superglobals.php
http://php.net/manual/en/reserved.variables.post.php
http://php.net/manual/en/language.variables.external.php
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40341676
But that said, now that I look at your code sample, you might want to consider a design change.  Instead of re-using the $_POST array for this, consider using an array with a different name, such as $safe_post.  I believe this will lead to less confusion about the contents of your variables.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 200 total points
ID: 40341763
On all my many PHP form processing pages, I Never use the $_POST variables directly except for checking them and assigning them to 'regular' variables.  If you use $_POST directly, when things like checkboxes do not have values if they are not checked, you get an "undefined index" error.  All my $_POST data gets at least this processing to eliminate the "undefined index" error.
if (!isset($_POST['fname'])){$fname = "";} else {$fname = $_POST['fname'];}

Open in new window

0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40341834
yup. $_POST is unfiltered user input, and can contain ANYTHING - best not to trust, but sanitize appropriately before use :)
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP Query return divisible by 3 3 26
How to fix Datetime in MySQL? 4 48
Moving from Mcrypt to OpenSSL 18 45
Ajax and PHP 9 29
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question