I've just completed my registration form for my website and for the action page where all the SQL takes place I've just skipped assigning the POST variable to actual ones, lik
One risk you might be running is dealing with raw user data, still saved in the raw $_POST[] variable. I tend to save all the raw data I work with to other variables, like you mentioned with $username = $_POST['username'], so I can manipulate and sanitize that input more efficiently. Rather than save any adjustments I make to the global $_POST array, all my changes are saved temporarily and at a more manageable scope.
For example:
$username = mysql_real_escape_string($_POST['username']);
... is better than:
$_POST['username'] = mysql_real_escape_string($_POST['username']);
It's generally better to leave the raw user data as is and make your adjustments in other variables.
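An added example, not part of the original answer: the same pattern (read $_POST, never write to it, work on a local copy) carried through to the INSERT. It swaps mysql_real_escape_string, which was removed in PHP 7.0, for a PDO prepared statement. The clean_username helper, its character policy, the users table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Constructed sample request; in a real handler PHP fills $_POST itself.
$_POST = ['username' => "  o'brien ", 'email' => 'ob@example.test'];

/**
 * Copy one raw field into a local, validated value.
 * $_POST is only read, never written, so the raw input stays available
 * for logging or for re-displaying the form.
 */
function clean_username(array $post): ?string
{
    $raw = $post['username'] ?? null;
    if (!is_string($raw)) {          // missing, or an array such as username[]=x
        return null;
    }
    $username = trim($raw);
    // Hypothetical policy: 3-32 chars from letters, digits, apostrophe, _ . -
    return preg_match("/^[A-Za-z0-9'_.-]{3,32}$/", $username) ? $username : null;
}

$username = clean_username($_POST);
if ($username === null) {
    exit("invalid username\n");
}

// In-memory SQLite stands in for the site's database (assumption;
// requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY)');

// Bound parameter: the value is never spliced into the SQL text,
// so the apostrophe in the name needs no escaping call.
$stmt = $db->prepare('INSERT INTO users (username) VALUES (:username)');
$stmt->execute([':username' => $username]);

// Check 1: the stored value is the local, validated copy.
$stored = $db->query('SELECT username FROM users')->fetchColumn();
var_dump($stored === $username);

// Check 2: the raw request data was left exactly as submitted.
var_dump($_POST['username'] === "  o'brien ");
```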