Is using extract($_POST) insecure?

Question

Is using extract($_POST) insecure? If yes then what can I do about this?

Answer 1

Yes it is insecure. Any one can override your local variables (for example $password or $access_level).

I recommend declaring and assigning your own local variables like this:

$var1 = isset($_POST['field_1'])?$_POST['field_1']:null;
$var2 = isset($_POST['field_2'])?$_POST['field_2']:null;
$var3 = isset($_POST['field_3'])?$_POST['field_3']:null;