Is it bad practice to write to $_POST?

Question

If this is file_1.php

Answer 1

Generally spoken $_POST is just a regular PHP array that's populated with the POST data on each request. It's therefore possible to write your own values into $_POST.

But...

1) Your code doesn't work as your header() call in file_1.php instructs the browser to issue a new request which results in a completely new (and empty) $_POST array in file_2.php. The array will be empty because you didn't post anything to file_2.php.

2) In my opinion it's indeed bad practice... Getting data from $_POST (or $_GET or $_REQUEST) indicates that you're retrieving user data which should be handled with extreme caution (filtering, sanitizing, escaping,...). Writing internal data into these arrays will mix up internal and external data leading to confusion and probable security holes.