What is PHP injection and how does it differ from SQL injection?
In this article, we will learn what PHP injection is and also how it differs from the other hacking practice known as SQL injection.
Hey programmers, how are you? Let's learn more about PHP injection and SQL injection!
PHP injection differs from SQL injection, although the two are often confused.
SQL injection is done through a query improperly inserted into your system.
PHP injection is an intrusion using PHP code, or a file that contains PHP.
How Does PHP Injection Happen?
The attacker somehow injects a script into your website and subsequently executes it.
The way this script is injected varies, but most of the time it is through a file upload form that is handled incorrectly on the server side.
If the form allows files of any extension to be uploaded, the attacker uploads a .php file
and then runs this file, via a URL, for example.
That way the attacker can gain control over everything that is on the server, deleting files or even getting into your database to steal data.
How to Avoid the Injection?
The approach is a bit like the one for SQL injection: we must handle ALL data sent by clients,
from common data to files.
Tests should also be carried out so that the possibility of both SQL injection and PHP injection is eliminated.
Only in this way can the software be free from these intrusions.
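One way to handle an uploaded file on the server side, as an added example that is not code from the original article. It assumes a form field named "file", an images-only policy, the fileinfo extension, and a hypothetical storage directory `UPLOAD_DIR` that the web server does not serve or execute from.

```php
<?php
declare(strict_types=1);

// Assumptions (not from the article): form field "file", images only,
// UPLOAD_DIR is a hypothetical directory outside the web root.
const UPLOAD_DIR = '/var/app-uploads';
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

/** Validate one $_FILES entry; return the server-chosen file name or throw. */
function safeUploadName(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Allowlist the extension instead of trying to block ".php" and its variants.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // Check the content itself; $file['type'] comes from the client and is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Discard the client's file name: random name plus the vetted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        $name = safeUploadName($_FILES['file']);
        // move_uploaded_file() only accepts files that arrived via a PHP upload.
        if (!move_uploaded_file($_FILES['file']['tmp_name'], UPLOAD_DIR . '/' . $name)) {
            throw new RuntimeException('could not store file');
        }
        echo 'stored as ' . $name;
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . $e->getMessage();
    }
}
```

The content check alone is not a guarantee, which is why the file is also renamed and kept in a directory from which the server never runs scripts.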
In this article we learned what PHP injection is and also how to protect yourself from this attack.
We also addressed the confusion of this type of attack with SQL injection.
But the big difference is that SQL injection is done by inserting SQL code through other gaps, in the interactions carried out with the database.
Malicious PHP code is usually injected by submitting a .php file in an upload form.