DEV Community

Discussion on: Security holes in PHP

Vlastimil Pospichal

Some example? I have no problem with this.

bluebird • Edited

I tried a stupid SQL operation to add user data (such as gold coins), and then add the number of user operations in the database. Sorry, not my open source code.

Vlastimil Pospichal

Use complex SQL or transaction.

bluebird

Yes. So I was stupid at the time. But sometimes I can't use an SQL transaction, because maybe I am calling an external API or another operation.

Vlastimil Pospichal

This is not a PHP vulnerability. This is bad manipulation of the database.

bluebird

Sorry, I may have misunderstood the title. But if you mean only PHP-specific vulnerabilities, it should only be file include bugs and some PHP internal implementation vulnerabilities.

bluebird • Edited

CVE-2017-16871: in fact, it is not common in PHP (Golang is more). It is hard to exploit and hard to find, but I can't ignore it, which leads me to frequently check code like multi-step SQL operations.
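
Added example, not part of any comment in this thread and not the commenters' code: the "complex SQL or transaction" advice applied to the gold-coin update, assuming the original problem was a value read, changed in PHP and written back in separate steps. The `users` and `op_log` tables and all function names are hypothetical.

```php
<?php
// Added example; schema (users, op_log) and function names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, gold INTEGER NOT NULL, op_count INTEGER NOT NULL DEFAULT 0)');
$pdo->exec('CREATE TABLE op_log (user_id INTEGER NOT NULL, delta INTEGER NOT NULL)');
$pdo->exec('INSERT INTO users (id, gold) VALUES (1, 100)'); // constructed sample row

// Fragile multi-step version: the value is read, changed in PHP, and written back.
function addGoldMultiStep(PDO $pdo, int $userId, int $amount): void
{
    $read = $pdo->prepare('SELECT gold FROM users WHERE id = ?');
    $read->execute([$userId]);
    $gold = (int) $read->fetchColumn();
    // Another request can update gold here; the write below then overwrites it.
    $pdo->prepare('UPDATE users SET gold = ? WHERE id = ?')->execute([$gold + $amount, $userId]);
    // If the script stops here, gold has changed but op_count has not.
    $pdo->prepare('UPDATE users SET op_count = op_count + 1 WHERE id = ?')->execute([$userId]);
}

// "Complex SQL": both columns change in one statement, computed by the database.
function addGoldSingleStatement(PDO $pdo, int $userId, int $amount): bool
{
    $stmt = $pdo->prepare('UPDATE users SET gold = gold + ?, op_count = op_count + 1 WHERE id = ?');
    $stmt->execute([$amount, $userId]);
    return $stmt->rowCount() === 1; // false when the user row does not exist
}

// Transaction: statements on several tables commit together or not at all.
function addGoldInTransaction(PDO $pdo, int $userId, int $amount): void
{
    $pdo->beginTransaction();
    try {
        $pdo->prepare('UPDATE users SET gold = gold + ? WHERE id = ?')->execute([$amount, $userId]);
        $pdo->prepare('INSERT INTO op_log (user_id, delta) VALUES (?, ?)')->execute([$userId, $amount]);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // neither change is kept
        throw $e;
    }
}

addGoldSingleStatement($pdo, 1, 50);
addGoldInTransaction($pdo, 1, 25);
$row = $pdo->query('SELECT gold, op_count FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo "gold={$row['gold']} op_count={$row['op_count']}\n";
```

A database transaction cannot undo a call to an external API, so a step like that still needs its own handling outside the `try` block.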