Security is a main concern in any web application or website. Security means that your website is fully protected and no one can hack any of your pages or data by injecting malware or scripts. There are many other injection techniques used to hack a website or to get data through unauthorized entry. Some of them are:
- XSS vulnerability.
- SQL Injection.
Let's look at them one by one.
- XSS vulnerability: This is a type of injection in which the URL is edited to carry the injected content. It arises when we use a URL parameter value in our JavaScript or HTML code, either to display that value or to fetch data from the database. For example, if our website is www.abc.com/admin and we send values in URL parameters, as in www.abc.com/admin?name=feedkart&srno=2, then name is the key and feedkart is the value. We use this key in our script, HTML, AJAX call or API call, so any script can be injected through the value of this key.
- SQL injection: As the name says, this is injection into SQL. It happens when a user changes the SQL query by injecting their own query while searching for or fetching data from the database. Whenever we search or enter a value to fetch data from the database, an SQL query can be injected to get data from the database according to the entered query.
To fix these security issues, update your code as follows:
- Don't use the GET method; always use the POST method. This can prevent URL injection.
- Don't use URL parameters in code. A user can inject through POST data keys and values to break the application's security.
- Always use prepared statements for SQL queries to avoid injection through inline parameters.
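The following added example (not code from the original page) runs the page's `name` parameter through an inline query and a prepared statement side by side, using Python's standard `sqlite3` module. It goes slightly beyond the list above by also HTML-encoding the value before it is placed in a page; the `users` table, the function names and the crafted value are assumptions made for the illustration.

```python
import html
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: a "name" value that carries SQL syntax.
CRAFTED_URL = "http://www.abc.com/admin?name=x%27+OR+%271%27%3D%271"

def make_db():
    """Constructed in-memory table standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (srno INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "admin"), (2, "feedkart"), (3, "guest")])
    return db

def params(url):
    """Return the first value of each query-string key."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def find_inline(db, name):
    # Weak: the value is pasted into the SQL text, so it can change the query.
    return db.execute(
        f"SELECT srno, name FROM users WHERE name = '{name}'").fetchall()

def find_prepared(db, name):
    # Hardened: the value is bound to a placeholder and is only ever data.
    return db.execute(
        "SELECT srno, name FROM users WHERE name = ?", (name,)).fetchall()

def greeting(name):
    # Encode the value before placing it in HTML so markup in it stays text.
    return f"<p>Hello, {html.escape(name)}</p>"

if __name__ == "__main__":
    db = make_db()
    crafted = params(CRAFTED_URL)["name"]
    print("inline:  ", find_inline(db, crafted))    # every row comes back
    print("prepared:", find_prepared(db, crafted))  # no row has that name
    print(greeting("<script>alert(1)</script>"))
```

The same binding applies whether the value arrives in the URL or in POST data, since the query never sees it as SQL text.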