I would like to know if the Query Builder Class is safe in terms of SQL Injections.
How should they be used correctly to avoid these attacks?
I have this situation:
Code:
$product = $this->productModel->asObject()->find( $id );
And this other:
Code:
$sql = 'SELECT * FROM products WHERE id = ?';
$products = $this->db->query( $sql, [ 1 ] )->getResultObject();
Which would be the safer?