Bird
0
0

Why might using extract on user-supplied data be risky in PHP?

hard📝 Conceptual Q10 of 15
PHP - Array Functions
Why might using extract on user-supplied data be risky in PHP?
AIt converts arrays to strings unexpectedly
BIt can overwrite important variables and cause security issues
CIt always causes syntax errors
DIt deletes existing variables silently
Step-by-Step Solution
Solution:

  1. Step 1: Understand extract risks

    extract creates variables from array keys, which can overwrite existing variables if not controlled.

  2. Step 2: Consider user input

    User-supplied data may contain keys matching sensitive variable names, leading to security risks.

  3. Final Answer:

    It can overwrite important variables and cause security issues -> Option B

  4. Quick Check:

    extract can overwrite variables, causing security risks [OK]
Quick Trick: Avoid extract on untrusted data without precautions [OK]
Common Mistakes:
  • Thinking extract causes syntax errors
  • Assuming extract deletes variables
  • Ignoring security implications

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More PHP Quizzes
Array Functions - Array map function - Quiz 9hard Classes and Objects - Destructor method - Quiz 11easy Classes and Objects - Destructor method - Quiz 2easy File Handling - Directory operations - Quiz 13medium Inheritance and Polymorphism - Instanceof operator - Quiz 12easy Inheritance and Polymorphism - Final classes and methods - Quiz 3easy Sessions and Cookies - Session variables - Quiz 7medium String Functions - String replace functions - Quiz 10hard Superglobals and Web Context - Form handling execution flow - Quiz 1easy Superglobals and Web Context - Form handling execution flow - Quiz 10hard