Is using extract($_POST) insecure?

半阙折子戏 2021-01-20 17:03

Is using extract($_POST) insecure? If yes then what can I do about this?

5 answers
  •  醉梦人生
    2021-01-20 17:57

    From the PHP documentation:

    Do not use extract() on untrusted data, like user input (i.e. $_GET, $_FILES, etc.). If you do, for example if you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP and be aware that you should extract in the same order that's defined in variables_order within the php.ini.

    The recommended practice is to use $_POST[] directly, so that users of your site cannot set variables that should be 'safe'.
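
The three options the answer above mentions, side by side, as an added example that is not part of the original answer or the PHP manual. The `$post` array is a constructed stand-in for `$_POST`, and the function names and the `is_admin` field are hypothetical.

```php
<?php
// Constructed request body standing in for $_POST: the form only has a
// "username" field, but the client also submitted "is_admin".
$post = ['username' => ' alice ', 'is_admin' => '1'];

// Default extract() uses EXTR_OVERWRITE: every request key becomes a local
// variable and replaces any variable of the same name that already exists.
function with_extract(array $post): array
{
    $is_admin = false;          // value the application assumes is "safe"
    extract($post);             // $is_admin is now taken from the request
    return ['username' => $username ?? null, 'is_admin' => $is_admin];
}

// EXTR_SKIP keeps variables that are already defined, but any name that is
// not yet defined at the call site is still created from the request.
function with_extr_skip(array $post): array
{
    $is_admin = false;
    extract($post, EXTR_SKIP);  // $is_admin is kept, $username is imported
    return ['username' => $username ?? null, 'is_admin' => $is_admin];
}

// Reading named keys directly: only the expected field is used, it is
// type-checked, and no other request key can reach a local variable.
function with_direct_access(array $post): array
{
    $is_admin = false;
    $username = isset($post['username']) && is_string($post['username'])
        ? trim($post['username'])
        : '';
    return ['username' => $username, 'is_admin' => $is_admin];
}

// Compare what each approach leaves in the "safe" variable.
var_dump(with_extract($post));
var_dump(with_extr_skip($post));
var_dump(with_direct_access($post));
```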
