I am curious as to why extract() is so bad – I agree that it is for incoming data because of never trusting the client and the need for cleansing data before you use it elsewhere.

However, if you pull out database records as an associative array (i.e. the source is trusted) then extract() is really useful…? I code a lot of PHP as well so would be interested in your thoughts on this!

Mark