Is using extract($_POST) insecure?

半阙折子戏 2021-01-20 17:03

Is using extract($_POST) insecure? If yes then what can I do about this?

5 Answers
  •  再見小時候
    2021-01-20 17:51

    Yes, it is. It is the same thing that register_globals was. It means that if someone injects a value with the name "my_name", the variable "my_name" would exist. And if it exists, it can bring some garbage or a security issue into your script if somewhere you use the variable $my_name.
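
The overwrite described in the answer above, next to an allowlist-based alternative, as an added example that is not part of the original answer. The `$post` array is constructed sample input standing in for `$_POST`, and the `is_admin` field and both function names are hypothetical.

```php
<?php
// Constructed request body standing in for $_POST (hypothetical field names).
$post = ['my_name' => 'alice', 'is_admin' => '1'];

// Before: extract() creates or overwrites a local variable for every key
// the client sent, including names the form never contained.
function handle_with_extract(array $post): array
{
    $is_admin = false;   // decided by server-side logic
    $my_name  = '';
    extract($post);      // default flag EXTR_OVERWRITE replaces both variables
    return ['my_name' => $my_name, 'is_admin' => $is_admin];
}

// After: read only the fields the script expects, by name, and validate
// each one. Nothing else in the request can reach a local variable.
function handle_with_allowlist(array $post): array
{
    $is_admin = false;   // never taken from the request
    $my_name  = '';
    if (isset($post['my_name']) && is_string($post['my_name'])) {
        $my_name = substr($post['my_name'], 0, 64);  // assumed length limit
    }
    return ['my_name' => $my_name, 'is_admin' => $is_admin];
}

// Compare what each handler ends up with for the same request.
var_dump(handle_with_extract($post));
var_dump(handle_with_allowlist($post));
```

If a call to `extract()` has to stay, the `EXTR_SKIP` and `EXTR_PREFIX_ALL` flags keep request keys from replacing variables that already exist. `EXTR_SKIP` still creates any variable that was not defined before the call.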
