Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a website that communicates with an embedded swf object.
The flash runs sendAndLoad(“URL”, receiver) command to transfer xml strings with server and the server uses file_get_contents(“php://input”) to receive xml string from flash . Should i worry about sql injection attacks?
Short answer: Yes
A bit longer answer: While it’s not instantly obvious, a request CAN be forged and cause injection if the data isn’t escaped properly. Just because the data usually comes from a flash object doesn’t mean one can’t create his own script to send malicious data.