[Solved] Security of PHP POST Array

Question

An attacker cannot “escape” a PHP array, because the contents of the array are not executed as code. It may contain a string of PHP, but that string is not executed.

What may be insecure is how your PHP code handles the user input later on.

If you are outputting the data without sanitising it, the user could put in any javascript code that would then appear on your site (For more info look up cross-site scripting or XSS).
To prevent this in PHP check out this question.

Alternatively, if you are putting the data into a database without escaping it, the user could enter their own SQL commands (for more info look up SQL Injection).
To prevent this in PHP, use something like PDO with prepared statements.

Accepted Answer

An attacker cannot “escape” a PHP array, because the contents of the array are not executed as code. It may contain a string of PHP, but that string is not executed.

What may be insecure is how your PHP code handles the user input later on.

If you are outputting the data without sanitising it, the user could put in any javascript code that would then appear on your site (For more info look up cross-site scripting or XSS).
To prevent this in PHP check out this question.

Alternatively, if you are putting the data into a database without escaping it, the user could enter their own SQL commands (for more info look up SQL Injection).
To prevent this in PHP, use something like PDO with prepared statements.