PHP

By DeepSource

Audit required: Use of insecure eval() function found PHP-A1000
Security

The eval() function allows execution of arbitrary PHP code. Executing code dynamically is security-sensitive and should be avoided.

Audit required: SQL query might be vulnerable to injection attacks PHP-A1002
Security

Using user-provided data while executing an SQL query can lead to SQL injection attacks. An SQL injection attack consists of the insertion or "injection" of a malformed SQL query via the input data given to an application. It is a prevalent attack vector and can cause significant damage if the incoming data is not properly sanitized.