ohwp | 11 years ago

First: this could result in:

  echo $blah; // hi <script>alert('foo');</script>

But maybe it's just because you posted an example...

Second: it will double the memory used.

Third: you can't use the variables global anymore

cstrat|11 years ago

Like you said, I wouldn't use it without first cleaning the input. I guess I use it more out of habit and preferring a straight variable to an array... just feels neater.

Good point on the memory, but I wouldn't think that's a big issue. I haven't tested right now, but I don't remember ever having issues using the $_GET variable after exporting? Not sure if that's what you meant.

innocenat|11 years ago

If I am not mistaken, PHP is copy-on-write, so if extract just copies the value, then memory usage wouldn't be doubling.
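
An added example, not code from any commenter in this thread: the echo case from the first comment beside an escaped form, plus a way to measure the memory question rather than guess. It assumes the parent comment (not shown on this page) passed `$_GET` to `extract()`; the `$query` array, the function names and the `in` prefix are made up for illustration.

```php
<?php
// Constructed sample input standing in for $_GET.
$query = ['blah' => "hi <script>alert('foo');</script>"];

// The pattern the first comment warns about: the request value becomes a
// local variable and is echoed without any output encoding.
function render_unsafe(array $input): string
{
    extract($input);                 // default flag is EXTR_OVERWRITE
    return "body=$blah";
}

// Hardened form: imported names get a prefix so request keys cannot shadow
// existing local variables, and the value is HTML-escaped at output time.
function render_hardened(array $input): string
{
    extract($input, EXTR_PREFIX_ALL, 'in');   // creates $in_blah
    $body = htmlspecialchars($in_blah ?? '', ENT_QUOTES, 'UTF-8');
    return "body=$body";
}

// Memory question from the thread: compare usage before and after extract().
// A delta close to $bytes would mean the string was copied in full; a much
// smaller delta means the extracted variable shares the original value.
function extract_memory_delta(int $bytes): int
{
    $src = ['big' => str_repeat('x', $bytes)];
    $before = memory_get_usage();
    extract($src);
    return memory_get_usage() - $before;
}

echo render_unsafe($query), PHP_EOL;
echo render_hardened($query), PHP_EOL;
echo 'extract() delta in bytes: ', extract_memory_delta(1000000), PHP_EOL;
```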