Can php be injected, just like sql? -


i wondering, whether if php can injected way mysql can injected. have rough idea of how sql injection done, , have carried out in development environment. wondering if php injected.

though myself have gut feeling not case since if tried more trying inject mysqli prepared statement.

and no! not talking injecting javascript input talking plain php-html injection through input/get/post . like stopping current php code execution , inserting own code in between.

yes, might possible. if use eval() or output buffering generating output , not escape values stored in database before feed template parser, php code within might executed.

if use plain php in templates risk rather high.


Comments

Popular posts from this blog

java - UnknownEntityTypeException: Unable to locate persister (Hibernate 5.0) -

python - ValueError: empty vocabulary; perhaps the documents only contain stop words -

ubuntu - collect2: fatal error: ld terminated with signal 9 [Killed] -