1

My PHP script processes some POST variables.

Instead of manually naming each variable

$name = $_POST['name'];
$email = $_POST['account'];

I'd like my script to grab all the variable names from the $_POST array and automatically create variables with those names, e.g. (not code, just illustrating the principle)

foreach ($_POST as $name => $value) {
    $[$name] = $value;
}

Is something like that possible?

Anand Solanki
  • 3,419
  • 4
  • 16
  • 27
  • Yes you can do like this .... – Anand Solanki Apr 11 '14 at 09:00
  • 5
    It's called variable name variable. Code in your loop should be `$$name = $value;`. However, don't do it. – N.B. Apr 11 '14 at 09:00
  • @N.B. Thank you. Why shouldn't I do it? –  Apr 11 '14 at 09:01
  • you sir, search for register_globals, it has been turned off and removed from php forever for good reason, security and stuff http://stackoverflow.com/questions/1417373/why-is-register-globals-so-bad – Joshua Apr 11 '14 at 09:02
  • Because you can overwrite variables you declared before, which can (and definitely will) lead to undesired behaviour. – N.B. Apr 11 '14 at 09:05

5 Answers5

2

You can use the extract function for this. But there is a risk, because you cannot know what data is posted, and it will create or overwrite variables in the scope in which you call it, possibly leading to unexpected behaviour.

You can partially counter this, using one of the flags for extract, for instance:

extract($_POST, EXTR_SKIP);

Anyway, make sure to read the two warnings (red block) on the documentation page of this function. And of course, the same warning applies when you do this using your own foreach loop, so answers suggesting that are no more secure.

GolezTrol
  • 114,394
  • 18
  • 182
  • 210
1

There is extract function in php:

extract($_POST);
xdazz
  • 158,678
  • 38
  • 247
  • 274
1

This is a very bad idea because it allows a user to create any variable in your PHP script (within the scope that it this code is used). Take for example if you have a $debugging flag:

$debugging = false;

foreach ($_POST as $name => $value) {
    $$name = $value;
}

// some time later, we do a query and output the SQL if debugging
if($debugging){
    echo $sql;
}

What if a malicious user submitted an input called debugging with a value of 1? Your debugging flag would be changed and the user could see sensitive debug data.

MrCode
  • 63,975
  • 10
  • 90
  • 112
0

You can do this with variable variables as follows:

foreach ($_POST as $name => $value) {
    $$name = $value;
}

You can also use the following format if you want to muck about with the variable names some more:

foreach ($_POST as $name => $value) {
    ${$name.'_1'} = $value;
}

There are comments here saying don't use variable variables - mainly because they are hard as heck to troubleshoot, make it damn hard for others to read your code and will (for the most part) create more headaches than they solve.

Fluffeh
  • 33,228
  • 16
  • 67
  • 80
0

Try this (which is a bad practice):

foreach ($_POST as $name => $value) {
    $$name = $value;
}
Guns
  • 2,678
  • 2
  • 23
  • 51