Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is using extract($_POST) insecure?

Tags:

security

php

Is using extract($_POST) insecure? If yes then what can I do about this?

like image 627
Qiang Avatar asked Sep 05 '25 03:09

Qiang

1 Answers

Yes it is. It is the same thing that register_globals was. It means that if someone inject a value with the name "my_name" the variable "my_name" would exist. And if it exists, it can bring some garbage or security issue in your script if somewhere you use the variable $my_name

like image 196
artragis Avatar answered Sep 07 '25 21:09

artragis
Sign in to Comment

Related questions

How to get the data from PUT HTTP Request (form-data)
Directus API : how to filter the results
Keccak-256 in PHP
Display product custom fields in cart next to each item name in Woocommerce
Asynchronous PHP Query with Ajax?
PHP: What if I call a static method in non-static way
How to store configuration settings for web app?
Upload Ajax file in yii2
IP address and the timestamp storage
Doctrine force event on parent entity?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!