What is PHP injection and how does it differ from SQL injection?

April 15, 2022


In this article, we will learn what PHP injection is and how it differs from another attack technique, SQL injection.


Hello, programmers! Let's learn more about PHP injection and SQL injection.

PHP injection differs from SQL injection, although the two are often confused.

SQL injection is done through a query improperly inserted into your system.

PHP injection is an intrusion using PHP code, or a file that contains PHP.

How Does PHP Injection Happen?

The attacker somehow injects a script into your website and subsequently executes it.

The way this script is injected varies, but most of the time it is through a file upload form that is handled incorrectly on the server side.

If files of any extension are allowed to be uploaded, the attacker uploads a .php file and then runs it, for example via a URL.

That way the attacker can have control over everything on the server, deleting files or even getting into your database to steal data.

How To Avoid the Injection?

The approach is a bit like the one for SQL injection: we must handle ALL data sent by clients, from common data to files.

The idea is that tests are also carried out so that the possibility of both SQL injection and PHP injection is eliminated.

Only in this way can the software be free from these intrusions.
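
One way to apply "handle ALL data sent by clients" to the upload form described above, as an added example that is not code from the original article. The function name safe_upload_name, the ALLOWED list, the /srv/app-uploads directory and the sample uploads are assumptions constructed for illustration, and the check relies on PHP's fileinfo extension.

```php
<?php
// Added example, not the article's code: allow-list check for one uploaded file.
// Maps each permitted extension to the MIME type its content must have.
const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

/**
 * Returns a server-generated name for an acceptable upload, or throws.
 * $tmpPath is $_FILES[...]['tmp_name']; $clientName is $_FILES[...]['name'],
 * which is client-controlled and used only to read the extension.
 */
function safe_upload_name(string $tmpPath, string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException("extension not allowed: '$ext'");
    }
    // Inspect the bytes on disk; the Content-Type sent by the client is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content is $mime, expected " . ALLOWED[$ext]);
    }
    // Random name plus the validated extension; the client's name is discarded.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// In a request handler (directory is an assumption: outside the web root):
//   $name = safe_upload_name($_FILES['file']['tmp_name'], $_FILES['file']['name']);
//   move_uploaded_file($_FILES['file']['tmp_name'], '/srv/app-uploads/' . $name);

// Constructed sample uploads: [file content, name claimed by the client].
$samples = [
    ["GIF89a\x01\x00\x01\x00\x00\x00\x00;", 'photo.gif'],
    ["<?php echo 'hello';", 'page.php'],
    ["<?php echo 'hello';", 'photo.gif'],
];
foreach ($samples as [$content, $clientName]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $content);
    try {
        echo "$clientName: stored as " . safe_upload_name($tmp, $clientName) . "\n";
    } catch (RuntimeException $e) {
        echo "$clientName: rejected, " . $e->getMessage() . "\n";
    } finally {
        unlink($tmp);
    }
}
```

Only the first sample is accepted: the second fails the extension allow-list, and the third has an allowed extension but content that is not an image.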


In this article we learned what PHP injection is and also how to protect yourself from this attack.

We also raised the issue of this type of attack being confused with SQL injection.

But the big difference is that SQL injection is done by inserting SQL code through other gaps, in the interactions carried out with the database.

Injecting malicious code is usually done by submitting a .php file in an upload form.
