I'm trying to migrate a website from one host to another. On the first host, when you submit a form, all of the form values are automatically stuck into variables with the input name (this is PHP). On the new host, these values are all null unless I do this:
$data = $_GET['data'];
Is there a PHP configuration setting that is causing this? If there isn't, is there an easy way to loop through all of the $_GET variables and automatically assign their values to a variable with the same name?
Thanks!
The setting is register_globals, but it is now deprecated, and using it is strongly advised against because it is a security risk. Anyone can set variables in your script which might interact in a negative or unexpected way with your code.
If you absolutely must, you can do it like this:
foreach ($_GET as $key => $value) {
    $$key = $value;
}
or, more simply:
import_request_variables("g");
or, to make it a little safer:
import_request_variables("g", "myprefix_"); // This way forces you to use "myprefix_"
// in front of the variables, better ensuring you are not unaware
// of the fact that this can come from a user
extract($_GET) could also work, as someone else pointed out, and it also allows specification (via extra arguments) of adding a prefix or what to do if your extraction conflicts with an already existing variable (e.g., if you extracted after you defined some other variables).
Look at the extract function: http://www.php.net/manual/en/function.extract.php
You could do something like this:
// Loop over every query-string parameter, not just $_GET["data"]
foreach ($_GET as $name => $value) {
    $$name = $value;
}
The issue with this is that it makes it easy for people to fiddle with the variables in your script. I could visit http://yoursite.com/?sql=DELETE+FROM...
I'd advise against doing this; just stick to using $_GET.
Your question implies you are not doing any filtering or validation when assigning $_GET['data'] to $data, unless you are doing these kinds of checks further down your script.
From what I have seen most programmers would do this first, in an effort to fail early if expected data did not match expectations, so that the above assignment in the case of expecting a positive int would become something like:
if (!isset($_GET['data']) || (int)$_GET['data'] <= 0) {
    // fail: the value is missing or is not a positive integer
} else {
    $data = (int)$_GET['data'];
}
So seeing just plain
$data = $_GET['data']
makes me wince.
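An allowlist alternative to the register_globals-style loops discussed in the answers above, as an added example that is not part of the original thread. The helper name `import_expected`, the `$spec` layout and the `lang` field are hypothetical; `$request` is a constructed stand-in for `$_GET`.

```php
<?php
// Added example (not from the thread): import only the fields a script
// expects, validated, instead of turning every request key into a variable.

// Hypothetical helper. $spec maps field name => ['filter' => ..., 'options' => ...]
// as understood by filter_var(). Keys absent from $spec are never read.
function import_expected(array $source, array $spec): array
{
    $values = [];
    $errors = [];
    foreach ($spec as $name => $rule) {
        // Reject missing fields and array input such as ?data[]=1.
        if (!isset($source[$name]) || !is_string($source[$name])) {
            $errors[] = $name;
            continue;
        }
        $result = filter_var($source[$name], $rule['filter'], [
            'options' => $rule['options'] ?? [],
            'flags'   => FILTER_NULL_ON_FAILURE, // null means "did not validate"
        ]);
        if ($result === null) {
            $errors[] = $name;
        } else {
            $values[$name] = $result;
        }
    }
    return [$values, $errors];
}

// Constructed sample standing in for $_GET; 'sql' is a key the script never asked for.
$request = ['data' => '42', 'lang' => 'en', 'sql' => 'unexpected value'];

// Assumed fields: 'data' must be a positive integer, 'lang' two lowercase letters.
$spec = [
    'data' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
    'lang' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-z]{2}\z/']],
];

[$values, $errors] = import_expected($request, $spec);
if ($errors) {
    // Fail early, before any other code touches the input.
    exit('Invalid or missing field(s): ' . implode(', ', $errors) . "\n");
}

$data = $values['data']; // an int, already range-checked
$lang = $values['lang'];
var_dump($data, $lang, isset($sql)); // $sql was never created
```

In a real script, pass `$_GET` in place of `$request`; only the names listed in `$spec` can ever become variables.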