killchain-compendium/Miscellaneous/Insecure Functions.md

# Insecure Functions

This is an incomplete collection of potentially insecure functions found in well-known programming languages.
Look it up to avoid insecure programming pitfalls.

## PHP

### MySQL

Following functions are insecure without limit or sanitizing input

```php
mysqli_query()
mysql_query()
mysqli_prepare()
query()
prepare()
```

### Local File Inclusion

In concjunction with user input, e.g. `POST` or `GET` these functions are insecure

```php
require()
include()
require_once()
include_once()
```
bump 2023-07-01 11:38:51 +02:00			`# Insecure Functions`

			`This is an incomplete collection of potentially insecure functions found in well-known programming languages.`
			`Look it up to avoid insecure programming pitfalls.`

			`## PHP`

			`### MySQL`

			`Following functions are insecure without limit or sanitizing input`

			```php
			`mysqli_query()`
			`mysql_query()`
			`mysqli_prepare()`
			`query()`
			`prepare()`
			```

			`### Local File Inclusion`

			In concjunction with user input, e.g. `POST` or `GET` these functions are insecure

			```php
			`require()`
			`include()`
			`require_once()`
			`include_once()`
			```