I'm just going through a current project adding the necessary code to prevent SQL injection, XSS, etc. However, I was wondering how easy it would be to execute SQL injection via a file upload?
Does anyone have any knowledge in this area?
You should sanitize any user-supplied input. This includes $_FILES. For example, if you store the uploaded filename in a database, this could be exploited by an attacker.
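To illustrate the answer above, here is an added example (not part of the original reply) that stores an uploaded filename with a bound parameter, so the client-supplied name stays data and never becomes part of the SQL text. The `uploads` table, the `saveUploadRecord()` helper, the in-memory SQLite database and the sample `$_FILES` entry are assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for what PHP populates after an upload (sample data).
$_FILES['upload'] = [
    'name'     => "o'brien-report.pdf",  // client-controlled; note the quote
    'type'     => 'application/pdf',     // client-controlled as well
    'tmp_name' => '/tmp/phpXXXXXX',      // placeholder path
    'error'    => UPLOAD_ERR_OK,
    'size'     => 1024,
];

// In-memory SQLite so the example runs offline (assumption, not the asker's DB).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE uploads (
    id INTEGER PRIMARY KEY, original_name TEXT, stored_name TEXT)');

// Hypothetical helper: records an upload and returns the server-side name.
function saveUploadRecord(PDO $pdo, array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // Drop any path components the client sent and bound the length.
    $original = substr(basename($file['name']), 0, 255);
    // Never reuse the client name on disk: generate the stored name here.
    $stored = bin2hex(random_bytes(16));

    // Unsafe pattern (do not use): the filename becomes part of the SQL text.
    //   $pdo->exec("INSERT INTO uploads (original_name)
    //               VALUES ('" . $file['name'] . "')");

    // Bound parameters keep the filename as data, whatever it contains.
    $stmt = $pdo->prepare(
        'INSERT INTO uploads (original_name, stored_name) VALUES (:o, :s)'
    );
    $stmt->execute([':o' => $original, ':s' => $stored]);
    return $stored;
}

$stored = saveUploadRecord($pdo, $_FILES['upload']);
$row = $pdo->query('SELECT original_name, stored_name FROM uploads')
           ->fetch(PDO::FETCH_ASSOC);
// Escape on output too, since the name may later be rendered in HTML.
echo htmlspecialchars($row['original_name'], ENT_QUOTES, 'UTF-8'),
     ' -> ', $row['stored_name'], PHP_EOL;
```

In a real request handler the file itself would be moved with `move_uploaded_file()` to a path built from the generated name, not from `$_FILES['upload']['name']`.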