40

I want clear $_POST array content fully, all examples what I see in internet, looks like this:

if (count($_POST) > 0) { foreach ($_POST as $k=>$v) { unset($_POST[$k]); } }

Tell please, this variant will be not more better? (Point of view as saving resources)

if (count($_POST) > 0) { $_POST = array(); }

or not ?

Improve this question
17
  • 4
    Why would you want to empty $_POST? Commented Oct 18, 2012 at 11:49
  • 7
    You don't even need count. $_POST = array(); and you are all set. Commented Oct 18, 2012 at 11:49
  • 1
    If you need to change the values of $_POST you are doing something wrong. Commented Oct 18, 2012 at 11:50
  • 3
    you dont even require to write condtion. simple $_POST = array(); statement will do. Commented Oct 18, 2012 at 11:51
  • 2
    @Jon, @Lex: $_POST is writable which is kind of stupid, it can make sense to clear it if you are using an interface like a class to read user input. Commented Oct 18, 2012 at 11:51

6 Answers 6

Reset to default
69

Yes, that is fine. $_POST is just another variable, except it has (super)global scope.

$_POST = array();

...will be quite enough. The loop is useless. It's probably best to keep it as an array rather than unset it, in case other files are attempting to read it and assuming it is an array.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Technically it has superglobal scope, since the global scope in PHP isn't.
Sounds like you have an unrelated issue. If you read the post data before clearing it it's already too late.
Ah, I didn't know that and was suprised why everybody upvoted, thanks!
This unsets $_POST, but you can still do this: filter_input(INPUT_POST,'password',FILTER_UNSAFE_RAW) — And things of that sort. (On my FastCGI based PHP installation, this technique returns actual results, despite first unsetting $_POST!) If this is not being done for security reasons, then I fail to understand the legitimate application.
even shorter $_POST = [];
10

To unset the $_POST variable, redeclare it as an empty array:

$_POST = array();
Improve this answer

3 Comments

This unsets $_POST, but you can still do this: filter_input(INPUT_POST,'password',FILTER_UNSAFE_RAW) — And things of that sort. (On my FastCGI based PHP installation, this technique returns actual results, despite first unsetting $_POST!) If this is not being done for security reasons, then I fail to understand the legitimate application.
if you want avoid from re-insert then please use action attribute to direct form submission to other page and the using header redirect to that particular page then your re-submission in the database will fix. @NaturalBornCamper
@MatthewSlyman I take back my initial comment now that I understand what you mean. Yes, you can filter input and stuff, but OP did not ask how to ignore post data. could you show us an answere to prevent the dangerous filter_input, maybe?
7

The solutions so far don't work because the POST data is stored in the headers. A redirect solves this issue according this this post.

How to delete $_POST variable upon pressing 'Refresh' button on browser with PHP?

Improve this answer

Comments

2

It may appear to be overly awkward, but you're probably better off unsetting one element at a time rather than the entire $_POST array. Here's why: If you're using object-oriented programming, you may have one class use $_POST['alpha'] and another class use $_POST['beta'], and if you unset the array after first use, it will void its use in other classes. To be safe and not shoot yourself in the foot, just drop in a little method that will unset the elements that you've just used: For example:

private function doUnset() { unset($_POST['alpha']); unset($_POST['gamma']); unset($_POST['delta']); unset($_GET['eta']); unset($_GET['zeta']); }

Just call the method and unset just those superglobal elements that have been passed to a variable or argument. Then, the other classes that may need a superglobal element can still use them.

However, you are wise to unset the superglobals as soon as they have been passed to an encapsulated object.

Improve this answer

Comments

0

You can use a combination of both unset() and initialization:

unset($_POST); $_POST = array();

Or in a single statement:

unset($_POST) ? $_POST = array() : $_POST = array();

But what is the reason you want to do this?

Improve this answer

2 Comments

@Mahn Those who are using the PHP filter functions do not use $_POST to get access to form values. Thus, clearing $_POST is just a way of clearing resources. For instance, if someone dumps more characters into a form field than what is allowed (bypassing all client side validation) and that person is using PHP filter functions, $_POST is something that the developer may want to clear. I have my sanitizer do a pre-check control string lengths, then throw and catch a RangeException if a control has more characters than allowed. One might still use $_POST to get a count of controls submitted.
@AnthonyRutledge sure, the point is that in this scenario you don't need to both unset it and set it to an empty array. Simply doing the later is enough to clear it.
0

To answer "why" someone might use it, I was tempted to use it since I had the $_POST values stored after the page refresh or while going from one page to another. My sense tells me this is not a good practice, but it works nevertheless.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.