# Insecure Functions

This is an incomplete collection of potentially insecure functions found in well-known programming languages.
Look it up to avoid insecure programming pitfalls.

## PHP

### MySQL

Following functions are insecure without limit or sanitizing input

```php
mysqli_query()
mysql_query()
mysqli_prepare()
query()
prepare()
```

### Local File Inclusion

In concjunction with user input, e.g. `POST` or `GET` these functions are insecure

```php
require()
include()
require_once()
include_once()
```