SQL Injections

I would like to know if the Query Builder Class is safe in terms of SQL Injections.

How should they be used correctly to avoid these attacks?
I have this situation:
$product    =  $this->productModel->asObject()->find( $id );

And this other:
$sql        =  'SELECT * FROM products WHERE id = ?';
$products   =  $this->db->query( $sql, [ 1 ] )->getResultObject();

Which would be the safest?

find() is not a Query Builder method. It is a Model method.

If you want to make your app safe, validate all user input before passing to DB/QB/Model objects.
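To make the distinction in the reply concrete, here is an added example (not code from the original thread or from the CodeIgniter project) that puts the two snippets from the question side by side with the patterns that are actually unsafe. It assumes a CodeIgniter 4 app with a `products` table having `id`, `name`, `price` and `active` columns, a default database group, and an `App\Models\ProductModel` whose `$primaryKey` is `id`; the request values are constructed for the example.

```php
<?php
// Added example, not part of the original forum thread. Shows which
// CodeIgniter 4 database calls let the driver escape the value and which
// hand your string to the server verbatim.
// Assumptions: a CI4 app, a `products` table (id, name, price, active),
// App\Models\ProductModel with $primaryKey = 'id'. Run from a controller.

use CodeIgniter\Database\BaseConnection;

// Constructed sample input, as it might arrive from ?id=1+OR+1%3D1&sort=price
$userInput = '1 OR 1=1';
$sortInput = 'price';

/** @var BaseConnection $db */
$db = \Config\Database::connect();

// 1. UNSAFE: string interpolation. The driver never sees a separate value,
//    so "1 OR 1=1" becomes part of the statement and every row comes back.
// $rows = $db->query("SELECT * FROM products WHERE id = $userInput")->getResultObject();

// 2. SAFE: query binding with ? placeholders (the second snippet in the
//    question). CI4 escapes each bound value with the driver's escape
//    routine before the statement is sent, so the server sees the literal
//    '1 OR 1=1', not an OR clause.
$rows = $db->query('SELECT * FROM products WHERE id = ?', [$userInput])
           ->getResultObject();

// 3. SAFE: named bindings, easier to read with several values.
$rows = $db->query(
    'SELECT * FROM products WHERE id = :id: AND active = :active:',
    ['id' => $userInput, 'active' => 1]
)->getResultObject();

// 4. SAFE: Query Builder key/value where(). The value is escaped and the
//    column name is wrapped in the driver's identifier quotes.
$rows = $db->table('products')->where('id', $userInput)->get()->getResultObject();

// 5. UNSAFE: Query Builder with a raw SQL fragment. When where() receives a
//    single string containing an operator and no value, it is used as-is,
//    so the interpolated input is not escaped. Passing false as the third
//    argument ($escape) disables escaping in the same way.
// $rows = $db->table('products')->where("id = $userInput")->get()->getResultObject();
// $rows = $db->table('products')->where('id', $userInput, false)->get()->getResultObject();

// 6. Model::find() (the first snippet in the question) builds
//    where($primaryKey, $id) with escaping on, so it is as safe against
//    injection as the binding in step 2.
$product = model(\App\Models\ProductModel::class)->asObject()->find($userInput);

// Escaping protects the SQL, not your data types: MySQL compares an integer
// column to '1 OR 1=1' by taking the leading digits, so find($userInput)
// returns the product with id 1 instead of failing. Validate and cast
// before querying, as the reply above recommends.
$id      = filter_var($userInput, FILTER_VALIDATE_INT);
$product = $id === false ? null : model(\App\Models\ProductModel::class)->find($id);

// Bindings cover values only. Identifiers (orderBy(), select() columns)
// taken from a request must be matched against a whitelist instead.
$allowedSorts = ['name', 'price'];
$sort = in_array($sortInput, $allowedSorts, true) ? $sortInput : 'name';
$rows = $db->table('products')->orderBy($sort, 'ASC')->get()->getResultObject();

// Check what was actually sent to the server while developing.
echo $db->getLastQuery();
```

Both of the question's snippets fall into the safe group; the risk comes from building the string yourself (step 1), passing raw fragments or `$escape = false` to the builder (step 5), or putting request data into a column or table name, which no binding mechanism can protect.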
