Client: php[architect]
Title: Security Principles for PHP Applications by Eric Mann
Excerpt:
“In the PHP world, injection like this occurs when developers erroneously trust user input. The vulnerable code above allowed users direct input into SQL queries, making the database do something other than it was intended. Other users can manipulate query variables that are used internally to switch application logic from one expected flow to another. Still other users might inject executable PHP code into a header that is extracted and inadvertently executed by the application, giving this user control over the PHP stack itself.”
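The two failure modes the excerpt names first, user input concatenated into SQL and a request variable used to switch application logic, are shown below as an added example. It is not code from the article or from php[architect]; the table, rows, attacker string and the `findUserVulnerable`, `findUserSafe` and `selectAction` helpers are all constructed for illustration, and the script assumes the pdo_sqlite extension is available so it can run against an in-memory database.

```php
<?php
// Added example, not from the php[architect] article. Contrasts string-built SQL
// with a prepared statement, and an unchecked logic switch with an allowlisted one.
// Assumes pdo_sqlite is loaded; all data here is constructed for illustration.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
    $db->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user'), ('carol', 'user')");
    return $db;
}

// Vulnerable: the raw request value becomes part of the SQL text, so a quote in
// the input changes the query's structure instead of being matched as data.
function findUserVulnerable(PDO $db, string $username): array
{
    $sql = "SELECT id, username, role FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the query shape is fixed at prepare time; the value is bound as a
// parameter and can only ever be compared as a literal string.
function findUserSafe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username, role FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Logic switch driven by a request variable. Rather than trusting the value to
// name a flow directly, map it through an allowlist and fall back to a safe default.
function selectAction(string $requested): string
{
    $allowed = ['view' => 'view', 'edit' => 'edit'];
    return $allowed[$requested] ?? 'view';
}

$db = makeDb();
$benign = 'bob';
$malicious = "' OR '1'='1"; // constructed attacker input

printf("vulnerable/benign:    %d row(s)\n", count(findUserVulnerable($db, $benign)));
printf("vulnerable/malicious: %d row(s)\n", count(findUserVulnerable($db, $malicious)));
printf("safe/benign:          %d row(s)\n", count(findUserSafe($db, $benign)));
printf("safe/malicious:       %d row(s)\n", count(findUserSafe($db, $malicious)));

// A request value that is not on the allowlist never reaches the flow switch.
printf("action for 'edit':   %s\n", selectAction('edit'));
printf("action for 'delete': %s\n", selectAction('delete'));
```

Run with `php` on the command line. With the benign value both lookups return the single matching row; with the attacker string the concatenated query returns every user, while the prepared statement returns nothing because `' OR '1'='1` is simply not anyone's username. The allowlist in `selectAction` is the same idea applied to control flow: the request can choose among flows the developer has enumerated, never name one of its own.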