extract in php

59

<?php
$mystring = 'abc';
$findme   = 'a';
$pos = strpos($mystring, $findme);

// Note our use of ===.  Simply == would not work as expected
// because the position of 'a' was the 0th (first) character.
if ($pos === false) {
    echo "The string '$findme' was not found in the string '$mystring'";
} else {
    echo "The string '$findme' was found in the string '$mystring'";
    echo " and exists at position $pos";
}
?>

<?php
$array = array("size" => "XL", "color" => "gold");
print_r(array_values($array));
?>

I find that it is only bad practice in that it can lead to a number of variables
which future maintainers (or yourself in a few weeks) have no idea where 
they are coming from. 

Consider this scenario:

extract($someArray); // could be $_POST or anything

/* snip a dozen or more lines */

echo $someVariable;
Where did $someVariable come from? How can anyone tell?

I dont see the problem in accessing the variables from within the array they 
started in, so you would really need to present a good case for using extract() 
for me to think it is worth it. If you are really concerned about typing out 
some extra characters then just do this:

$a = $someLongNameOfTheVariableArrayIDidntWantToType;

$a['myVariable'];

I think the comments here on the security aspects of it are overblown somewhat.
The function can take a second parameter that actually gives you fairly good 
control over the 
newly created variables, including not overwriting any existing variables
(EXTR_SKIP), ONLY overwriting existing variables (so you can create a whitelist)
(EXTR_IF_EXISTS), or adding prefixes to the variables (EXTR_PREFIX_ALL).

Comments

Submit
0 Comments