$$key = $value?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I'm reading articles on how to validate forms, and happened on the
following section:

    foreach($_POST as $key=>$value) {
      $$key = $value;

http://www.phphacks.com/content/view/31/33 /

What does "$$key=$value" do?

Thank you.

Re: $$key = $value?

Quoted text here. Click to load it

$$key is a variable variable:

Basically what this does is sets a variable name with the key in
$__POST as the name.  For example, if your $_POST superglobal looked

$_POST = array ( 'firstName' => 'Steve',
                 'usenet'=> 'ElintPimp');

Than you run it through this function, it produces tow variables:
$fistName = 'Steve';
$usenet = 'ElintPimp';

Two problems with this function:
1)  There is a function to do this - extract()
2)  Both what that foreach loop and the extract() function are
potential security problems.  I'll copy what is said about this from

"Do not use extract() on untrusted data, like user-input ($_GET, ...).
If you do, for example, if you want to run old code that relies on
register_globals  temporarily, make sure you use one of the non-
overwriting extract_type  values such as EXTR_SKIP and be aware that
you should extract in the same order that's defined in variables_order
within the php.ini."



Re: $$key = $value?

On Mon, 24 Mar 2008 03:20:06 -0700 (PDT), ELINTPimp
Quoted text here. Click to load it

Thanks for the answer.

Site Timeline