quick way to put $_POSTs in to variables

[unistake]

is there a quick way to put $_POSTs in to variables securely without using

extract($_POST); !!?

 

the only other way i know is

 

$user = $_POST['user'];

$reg = $_POST['reg'];

etc etc

 

are there any other ways. eg put all $_POSTS in to one array or something?

cheers once again

[gevans]

$post_array = $_POST;

[unistake]

$post_array = $_POST;

ok, then can you explain what? would it be

 

like $post_array[user]

and $post_array[reg]

 

thanks

[.josh]

well if you're not going to validate them, then why not just do extract?

[.josh]

$post_array = $_POST;

 

really.  What is the difference between doing that and just using $_POST?

[gevans]

Nothing, but the question was to put $_POST into an array.

[unistake]

dont ask me!

 

gevans:

i am going to put the variables in to a INSERT query and send to mysql.

 

I dont really have a clue with arrays and how they work. Ive just been told that extract $_POST is dangerous and creates an open door.

do you have any ideas for what i need to do?

 

I have lots of posted information, that i need to put in to an INSERT query

 

[gevans]

If you want to secure everythig quickly use something like this (assuming their all strings);

 

<?php
foreach($_POST as $key => $value) {
$post_array[$key] = mysql_real_escape_string($value);
}

[unistake]

that looks good, i'll give it a go thanks gevan

[unistake]

.

 

[gevans]

That would put each value into its own variable, but it will not have escaped anything. This will not be secure against sql injection

[unistake]

That would put each value into its own variable, but it will not have escaped anything. This will not be secure against sql injection

 

ok cheers. i'll give yours a try