On 11 Mar 2004 Mike Mapsnac wrote:
> I'm looking for "nice" way to get variables from POST?
Well you can do it easily with extract:
extract($_POST);
This has the same security risks as turning register_globals on, it
allows hackers to set any variable they wish.
A better method might be:
extract($_POST, EXTR_PREFIX_ALL, "p");
which results in $p_username, $p_password, etc. This still allows
insertion of variables but they will all be prefixed with "p_" which
hopefully you aren't using for anything else.
If you want to restrict it to only the specific values you care about
use the approach someone else suggested with the $fields array. THat
seems the safest to me.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
