I am wondering if the following hacking method is possible to attack a website?
a) a direct include of php script remotely
b) print out all variables as if a normal include
Can this be possible? -or are there other alternative? using socket perhaps?
The danger here is the possiblity of exposing my db. Cause many of my project sql stmt are stored in a variable. Eg. $sql_var = " SELECT this_field1, this_field2 FROM that_table". By using print_r(get_defined_vars()
), can all my data be exposed?
Reason for this question is I would like to know ways to protect my data from exposed to hackers.