tags:

views:

302

answers:

2

Is this valid:

$_SESSION['pictures']['rateAlbum']['_POST'] = $_POST;

I want to save all of the POST data in the session in one shot.

edit: oh and what about the other way around:

$_POST = $_SESSION['pictures']['rateAlbum']['_POST'];
+1  A: 

yes you can... if you save $_POST in $_SESSION in session you'll have the same array as post...

You can also do the other way and save something to $_POST..

you can also do that (or, using $_SESSION):

   $_POST = array('field1' => 'val1',
       'field1' => 'val1',
       'field1' => 'val1',
       'fieldn' => 'valn');        
   $_SESSION=$_POST;

or

   $test="hi";
   $_SESSION['field1']="test";
   echo $$_SESSION['field1']; //this print hi       

PHP is really flexible and let you do almost everthing, obviously pay attention on security problem...

Marcx
A: 

you can use directly write below

$_SESSION['input_array']=$_POST[];

and if your $_POST['username']='Hello'; then $_SESSION['input_array']['username'] would display 'hello' and if $_POST['birthday']['year']='2002' then $_SESSION['input_array']['birthday']['year'] would display 2002

diEcho
Assume we're not using this $_POST or $_SESSION to access a database query (SQL Injection) or output data (XSS) is there anything they can $_POST that becomes a security issue? This is a real question as I've not seen anything about how maybe the PHP core can be compromised by blindly setting $_POST variables as a $_SESSION['somevar'] = 'somevalue' -> unless they can trigger an EXEC or something.
niggles
use `mysql_real_escape_string($_POST)` RECURSIVELY before assigning it to $_session
diEcho