Rethinking extract() By Convention
January 20th, 2006
Since posting Learn To extract(); I have gotten a lot of great criticism that has helped me revise my thinking of the uses for extract(). Along with reading The Problem With ‘extract’ on SitePoint - here is my conclusion to when/where to use extract.
Thanks to Danny, Oscar, Sandy, Ed, and Mitchell for their insights on the proper use of extract().
It appears that I was late in coming to the game on problems with extract. Per SitePoint:
Using extract() is a confusing code practice that leads to real problems in the overall security of code. The harder code is to read, the harder it is to debug or review and the easier it is to inadvertently introduce security holes.
So I stand corrected: I am hard pressed to find any real reason why one would want to use extract to surmount the security and coding concerns, as it really doesn’t gain you anything. Sure, it might be less to type out ($Variable vs. $Array['Variable']), but is it really worth all the confusion? My new opinion? Nope.
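The concern in the SitePoint quote, shown as an added example (not code from the original post or from SitePoint): extract() on request-shaped data can silently replace a local that application logic already set, while explicit array access cannot. The function names and the `name`/`isAdmin` keys are assumptions made for the illustration, and `$request` is constructed sample data standing in for `$_GET`.

```php
<?php
// Constructed sample input standing in for $_GET / $_POST (assumption).
$request = ['name' => 'alice', 'isAdmin' => '1'];

// Pattern the post retracts: extract() defaults to EXTR_OVERWRITE,
// so any key in the array replaces a local of the same name.
function roleWithExtract(array $input): string
{
    $isAdmin = false;              // decided by application logic
    extract($input);               // the 'isAdmin' key overwrites the local above
    return ($isAdmin ? 'admin' : 'user') . ':' . ($name ?? '');
}

// Explicit access: only the expected key is read and type-checked,
// and a reviewer can see exactly where $name comes from.
function roleExplicit(array $input): string
{
    $isAdmin = false;
    $name = (isset($input['name']) && is_string($input['name'])) ? $input['name'] : '';
    return ($isAdmin ? 'admin' : 'user') . ':' . $name;
}

// If extract() has to stay in legacy code: allow-list the keys first and
// pass EXTR_SKIP so existing locals are never replaced.
function roleWithAllowList(array $input): string
{
    $isAdmin = false;
    $allowed = array_intersect_key($input, array_flip(['name']));
    extract($allowed, EXTR_SKIP);
    return ($isAdmin ? 'admin' : 'user') . ':' . ($name ?? '');
}

// Print each variant's result for the same input so the difference is visible.
foreach (['roleWithExtract', 'roleExplicit', 'roleWithAllowList'] as $fn) {
    echo $fn, ' => ', $fn($request), PHP_EOL;
}
```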
January 20th, 2006 at 9:45 am
Thanks for so rationally and quickly responding! One of the great things about PHP is that it does have a lot of very convenient functions that can really speed up development. At the same time, it’s easy to use these conveniences without knowing or thinking about the ramifications. The comment threads in the PHP manual are good for discovering them and other odd behaviors for a given function.
January 20th, 2006 at 9:53 am
Personally I am trying to improve myself and help others along the way. So if there is something errant I definitely request any of my readers or mentors to let me know. And I should have researched into extract more - I just happened to be needing something that would do what it did for a project and just plopped it into the code. I guess I’ll be back at the drawing board to rework that app flow.