Using a foreach loop to get create variables from $_POST security issues?

In the past I have used the follo开发者_如何转开发wing to create variables from a posted form.

foreach($_POST as $k=>$v)
{
    $$k = $v;
}

What are the security risks associates with using this method?

im trying some test atm. how about this version where it removes anything that is not a letter or number before making the variable?

foreach($_POST as $k=>$v)
{
    $k = preg_replace("/[^[:alnum:]]/","",$k);
    $$k=$v;
}

---

An attacker can inject a POST variable called _SESSION and by that write data in your session so you can't trust your session anymore.