From the course: PHP: Creating Secure Websites
PHP code injection - PHP Tutorial
PHP code injection
- [Narrator] In this movie, we'll learn about PHP code injection and how to protect your code from it. PHP code injection is when a hacker is able to execute arbitrary PHP code on the web server. It's similar to remote system execution, but it affects PHP, not the server's operating system. The most common way it happens is when you use the PHP function eval in the code. Eval executes a string as if it were PHP. It's powerful and it can be dangerous. Injection can also be done using a technique called remote file inclusion, where the include or require functions are tricked into loading a file that contains an attacker's PHP code. The eval function is rarely used, but include and require are pretty common. Let's look at some examples for eval. Let's imagine that I'm using eval. I'm going to pass in some kind of a string that I've built up. The most common reason that developers think they need to use eval is they…
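The two sinks named in the transcript, eval and include/require, shown beside a hardened form. This is an added example, not code from the course; the request array, the `pages/` directory and the names `PAGES`, `resolvePage` and `runOperation` are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed request values standing in for $_GET input.
$request = ['page' => 'http://attacker.example/payload.txt', 'op' => 'phpinfo()'];

// VULNERABLE (left commented out): the request string reaches the sink unchanged.
//   include $request['page'] . '.php';          // file inclusion
//   eval('$result = ' . $request['op'] . ';');  // arbitrary PHP execution
// allow_url_include=Off (the php.ini default) blocks URL includes only;
// a user-chosen local path is still a problem, so the input must not be a path.

// HARDENED include: the request value is only a key into a fixed map of files.
const PAGES = [
    'home'    => __DIR__ . '/pages/home.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function resolvePage(string $key): ?string
{
    // Unknown keys resolve to null; no path is ever built from user input.
    return PAGES[$key] ?? null;
}

// HARDENED replacement for eval: named operations dispatched from a fixed table.
function runOperation(string $name, float $a, float $b): ?float
{
    $ops = [
        'add' => fn(float $x, float $y): float => $x + $y,
        'mul' => fn(float $x, float $y): float => $x * $y,
    ];
    // The request string selects a closure; it is never parsed as PHP.
    return isset($ops[$name]) ? $ops[$name]($a, $b) : null;
}

// Run both the hostile value and a legitimate one through each check.
foreach ([$request['page'], 'home'] as $key) {
    $file = resolvePage($key);
    echo $key, ' => ', $file === null ? 'rejected' : 'would include ' . $file, PHP_EOL;
}
foreach ([$request['op'], 'mul'] as $op) {
    $result = runOperation($op, 2, 3);
    echo $op, ' => ', $result === null ? 'rejected' : (string) $result, PHP_EOL;
}
```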