Code injection with PHP


I know about SQL injection & Accessories & validating user input ... but I am wondering: if you are taking data from a user input field & the data is a string, is it safe to use this data inside of your code for the goods:

  if ($i == $_POST['userinput']) { ... }

The above is only one example; I am asking whether steps need to be taken & under what circumstances.

Obviously this will not work in the above example, but I am just trying to stop people from including something like this ('whatever.php'); etc.

Comparing against one variable, as you show, is not dangerous in itself, so there is nothing to worry about.

User input is potentially dangerous when it is used in a statement, in a database query, in a file name, in an eval() call, in an HTML page, etc. a correct hygiene method
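The places named in the answer above, each with its usual handling, as an added example that is not part of the original question or answer. The input value, the page map, the `items` table and the file-name pattern are assumptions made up for illustration, and the database part assumes the pdo_sqlite extension is enabled.

```php
<?php
declare(strict_types=1);

// Constructed input standing in for $_POST['userinput'].
$input = 'whatever.php';

// Comparison: the value is only read, never interpreted. === avoids type juggling.
$i = 'report';
$same = ($i === $input);

// include: pick the file from an allow-list; the input is only a lookup key.
function resolvePage(string $key): ?string
{
    $pages = ['report' => __DIR__ . '/pages/report.php',   // hypothetical files
              'help'   => __DIR__ . '/pages/help.php'];
    return $pages[$key] ?? null;
}

// File name: accept only a fixed character set and extension, no path parts.
function safeFileName(string $name): ?string
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\.txt\z/', $name) === 1 ? $name : null;
}

// HTML page: encode at output time.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Database query: bind the value as a parameter instead of concatenating it.
function findItems(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM items WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');             // assumes the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE items (name TEXT)");  // constructed sample table
$db->exec("INSERT INTO items VALUES ('report')");

var_dump($same);                              // comparison result only
var_dump(resolvePage($input));                // input is not a known page key
var_dump(resolvePage('report') !== null);     // known key resolves to a fixed path
var_dump(safeFileName('../config.txt'));      // path parts are rejected
var_dump(html('<b>' . $input . '</b>'));      // markup is encoded for output
var_dump(findItems($db, $input));             // bound value, no matching row
// eval(): no encoding makes user input safe there; keep it out entirely.
```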
