Can PHP be injected, just like SQL?
I was wondering whether PHP can be injected the way MySQL can be injected. I have a rough idea of how SQL injection is done, and have carried it out in a development environment. I was wondering if PHP can be injected.
Though I myself have a gut feeling that this is not the case, since if tried it would be more like trying to inject a mysqli prepared statement.
And no! I am not talking about injecting JavaScript into input; I am talking about plain PHP-HTML injection through input/GET/POST, like stopping the current PHP code execution and inserting my own code in between.
Yes, it might be possible. If you use eval() or output buffering for generating output, and do not escape values stored in the database before you feed them to the template parser, PHP code within them might be executed.
If you use plain PHP in templates, the risk is rather high.
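The situation the answer describes, as an added example that is not part of the original post: a stored value is pasted into a template that is then evaluated inside an output buffer, next to a renderer that treats the value purely as data. The `{{name}}` placeholder, the function names `render_unsafe` and `render_safe`, and the sample value are all hypothetical and constructed for illustration.

```php
<?php
// Constructed sample: a value as it might come back from the database.
// The marker is harmless; it only shows whether PHP inside the value runs.
$storedName = "Bob<?php echo 'PHP-RAN'; ?>";

// Hypothetical template with a {{name}} placeholder.
$template = '<p>Hello, {{name}}!</p>';

// Vulnerable pattern: the unescaped value is substituted into the template,
// and the combined string is then evaluated as PHP inside an output buffer.
function render_unsafe(string $template, array $vars): string
{
    foreach ($vars as $key => $value) {
        $template = str_replace('{{' . $key . '}}', $value, $template);
    }
    ob_start();
    eval('?>' . $template);   // any <?php ... ?> inside a value executes here
    return ob_get_clean();
}

// Hardened pattern: no eval at all. Values are HTML-escaped and substituted
// in a single pass, so they can never become code or markup.
function render_safe(string $template, array $vars): string
{
    $pairs = [];
    foreach ($vars as $key => $value) {
        $pairs['{{' . $key . '}}'] = htmlspecialchars(
            (string) $value,
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );
    }
    // strtr() with an array does not rescan replaced text, so a value that
    // itself contains "{{other}}" is not expanded a second time.
    return strtr($template, $pairs);
}

echo render_unsafe($template, ['name' => $storedName]), PHP_EOL;
echo render_safe($template, ['name' => $storedName]), PHP_EOL;
```

The first call runs the PHP tag embedded in the stored value; the second prints the same value as inert, escaped text.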