user1091856

Reputation: 3158

PHP: Injecting code on non-sql code?

I've read about MySQL injection and how it's done. I have a doubt: how could a login code be attacked if it doesn't get data from a database?

This is what my login code looks like:

if ($_GET['login'] == "myname" && $_GET['password'] == "mypass") {
     echo 'welcome, admin.';
} else {
     echo 'login failed.';
}

PS: this is for practice's sake only; I know hardcoded passwords shouldn't be used.

Upvotes: 0

Views: 45

Answers (1)

Brad

Reputation: 163282

If there's no SQL database, there is no SQL injection.

The other common thing to watch out for is potential for XSS. This can be handled by simply escaping any user output. Since you don't output anything from the user at all in your example code, then I see no problem.

Upvotes: 3
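
Escaping user output, as the answer describes, applied to the question's login check; this is an added example, not code from the question or the answer. The failure message that echoes the submitted name and the helper names `h` and `login_page` are assumptions made for illustration.

```php
<?php
// Added example: the question's login check, extended with a hypothetical
// failure message that echoes the submitted name back to the browser.

// Hypothetical helper: escape a request value for HTML text or attribute context.
function h($value): string
{
    // $_GET values can be arrays (?login[]=x); treat anything non-string as empty
    // so htmlspecialchars() never receives an array.
    if (!is_string($value)) {
        return '';
    }
    // ENT_QUOTES also escapes single quotes; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function login_page(array $get): string
{
    // Missing parameters default to empty strings instead of raising warnings.
    $login = $get['login'] ?? '';
    $password = $get['password'] ?? '';

    if ($login === 'myname' && $password === 'mypass') {
        return 'welcome, admin.';
    }
    // The submitted name is user output here, so it is escaped before it is echoed.
    return 'login failed for ' . h($login) . '.';
}

// Constructed sample requests: valid login, markup in the name,
// an array-valued parameter, and no parameters at all.
$samples = [
    ['login' => 'myname', 'password' => 'mypass'],
    ['login' => '<b>guest</b>', 'password' => 'x'],
    ['login' => ['a'], 'password' => 'x'],
    [],
];
foreach ($samples as $get) {
    echo login_page($get), PHP_EOL;
}
```

Run from the command line, the second sample comes back with its angle brackets converted to HTML entities, so a browser would display the markup as text rather than interpret it.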
