I would like to get data from a database by calling a PHP file from an AJAX request with only one parameter: a number. Based on the number, I retrieve data from the database. In the PHP file, if I check whether a number is passed and then call the database, is it possible in that case to perform an SQL injection attack or any other kind of attack? Thank you.
- `In php file, if I do check if number is passed and then call database, in such case, is it possible to perform a sql injection attack`...it depends how you write the PHP and SQL code – ADyson Aug 10 '21 at 06:34
- `any other kind of attack`...it depends what you do with the data afterwards. The fact you're using AJAX here is not the deciding or relevant factor in whether the code is vulnerable. E.g. if you're returning data which originated as user input to be used in an HTML document then you should always HTML-encode it first to reduce the risk of things like XSS attacks. Check the OWASP Top Ten for other common potential vulnerabilities. – ADyson Aug 10 '21 at 06:35
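
The two comments above come down to how the number is handled on its way into the query and how the result is handled on its way out. The following is an added example, not code from the original thread: it validates the parameter as an integer, binds it in a prepared statement, and HTML-encodes the stored value before returning it. It assumes PHP 8 with the `pdo_sqlite` extension; the `items` table, the `make_demo_db` and `handle_request` functions, and the sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table stands in for the real database.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO items (id, title) VALUES (1, 'Plain title'), (2, '<b>Title with markup</b>')");
    return $pdo;
}

// Returns [HTTP status, HTML fragment] for the raw "number" request parameter.
function handle_request(PDO $pdo, mixed $raw): array
{
    // 1. Validate: accept only an integer in the expected range.
    //    filter_var() returns false for arrays, mixed strings such as "12abc", "1.5" and "".
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
    if ($id === false) {
        return [400, 'Invalid number'];
    }

    // 2. Query: the value is bound as a parameter, never concatenated into the SQL text,
    //    so the query stays safe even if the validation above is later changed or removed.
    $stmt = $pdo->prepare('SELECT title FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    if ($title === false) {
        return [404, 'Not found'];
    }

    // 3. Output: stored text is HTML-encoded before it is placed into markup.
    return [200, '<li>' . htmlspecialchars((string) $title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>'];
}

// Constructed inputs, as they might arrive in $_GET['number'].
$pdo = make_demo_db();
foreach (['2', '12abc', '999', ['2']] as $raw) {
    [$status, $body] = handle_request($pdo, $raw);
    echo $status, ' ', $body, PHP_EOL;
}
```

If the endpoint returns JSON instead of an HTML fragment, the encoding step moves to wherever the client inserts the value into the page.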