Displaying test cases 248576 - 248586 of 248586 in total
-
Hardcoded string input; no filtering; construction : concatenation with simple quote
-
Safe sample; input : get the $_GET['userData'] in an array; sanitize : use in_array to check if $tainted is in the white list; construction : use of sprintf via a %s with simple quote
-
Safe sample; input : get the $_GET['userData'] in an array; sanitize : none; construction : use of sprintf via a %u
-
Safe sample; input : get the field userData from the variable $_GET via an object; sanitize : cast via + = 0; construction : use of sprintf via a %u
-
Safe sample; input : Get a serialize string in POST and unserialize it; sanitize : cast via + = 0.0; construction : concatenation with simple quote
-
Safe sample; input : get the field UserData from the variable $_POST; Uses a special_chars_filter via filter_var function; construction : interpretation with simple quote
-
The code updates a database table. User-controlled data are sanitized by using SQL parameters.
-
The code updates a database table. Data are sanitized by using SQL parameters.
-
The code updates a database table. User-controlled data are sanitized by using SQL parameters.
-
The semantics of virtual functions. Most C++ compilers implement virtual functions using a Virtual Function Table (VTBL). The VTBL is an array of function pointers that is used at runtime for dispatching virtual function calls. It's possible to overwrite function pointers in the VTBL or change...
-
Exploits of the .dtors section. An attacker can transfer control to arbitrary code by overwriting the address of the function pointer in the .dtors section. This .dtors section exists only in programs that have been compiled and linked with GCC. From "Secure Coding in C and C++" by Robert C. Seac...