php: Save the entire $_POST variable in the session

php session post

10,446

Solution 1

yes you can... if you save $_POST in $_SESSION in session you'll have the same array as post...

You can also do the other way and save something to $_POST..

you can also do that (or, using $_SESSION):

   $_POST = array('field1' => 'val1',
       'field1' => 'val1',
       'field1' => 'val1',
       'fieldn' => 'valn');        
   $_SESSION=$_POST;

   $test="hi";
   $_SESSION['field1']="test";
   echo $$_SESSION['field1']; //this print hi

PHP is really flexible and let you do almost everthing, obviously pay attention on security problem...

Solution 2

you can use directly write below

$_SESSION['input_array']=$_POST[];

and if your $_POST['username']='Hello'; then $_SESSION['input_array']['username'] would display 'hello' and if $_POST['birthday']['year']='2002' then $_SESSION['input_array']['birthday']['year'] would display 2002

10,446

Author by

Nathan H

Soluto #SOreadytohelp

Updated on June 05, 2022

Comments

Nathan H almost 2 years
Is this valid:
```
$_SESSION['pictures']['rateAlbum']['_POST'] = $_POST;
```
I want to save all of the POST data in the session in one shot.

edit: oh and what about the other way around:
```
$_POST = $_SESSION['pictures']['rateAlbum']['_POST'];
```
niggles about 14 years

Assume we're not using this $_POST or $_SESSION to access a database query (SQL Injection) or output data (XSS) is there anything they can $_POST that becomes a security issue? This is a real question as I've not seen anything about how maybe the PHP core can be compromised by blindly setting $_POST variables as a $_SESSION['somevar'] = 'somevalue' -> unless they can trigger an EXEC or something.
Anton about 14 years

use mysql_real_escape_string($_POST) RECURSIVELY before assigning it to $_session