This repository was archived by the owner on Apr 1, 2022. It is now read-only.

Recommendation #4

@crazedVic


I would recommend adding self::_getPDO()->quote($where) to the following function. This will prevent characters like ' from making the query invalid.

public static function where($where, $params = [], $order = null, $limit = null, $index = 0)
{
    if ($where === '') {
        $query = 'SELECT * FROM `' . self::getTable() . '` ' . self::order($order) . self::limit($limit, $index);
    } else {
        $query = 'SELECT * FROM `' . self::getTable() . '` WHERE ' . self::_getPDO()->quote($where) . self::order($order) . self::limit($limit, $index);
    }
    return self::query($query, $params);
}
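The recommendation above deserves the caveat a reviewer would want on record: `PDO::quote()` quotes a single value, so applying it to the whole `$where` clause turns the clause into one string literal and the query no longer compares anything. The script below is an added example by the editor, not code from this repository or from @crazedVic. It assumes PHP's PDO SQLite driver, a constructed in-memory `users` table, a constructed attacker-controlled value, and a hypothetical `selectWhere()` helper that mirrors the `where($where, $params)` signature from the issue; it contrasts raw interpolation, `quote()` on the clause, and parameter binding.

```php
<?php
// Added example by the editor; not code from this repository or from @crazedVic.
// Assumes the PDO extension with the sqlite driver and uses a constructed
// in-memory database, so it runs offline: php quote_vs_bind.php

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Constructed attacker-controlled value, e.g. what $_GET['name'] might carry.
$attack = "x' OR '1'='1";

// 1. Raw interpolation (what happens if a caller builds $where from user input):
//    the condition becomes  name = 'x' OR '1'='1'  and every row comes back.
$sql  = "SELECT * FROM users WHERE name = '" . $attack . "'";
$rows = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
printf("interpolated: %d rows (injection succeeds)\n", count($rows));

// 2. The proposal: quote() the whole clause. PDO::quote() escapes and wraps its
//    argument as ONE string literal, so the statement becomes
//      SELECT * FROM users WHERE 'name = ''x'' OR ''1''=''1'''
//    The WHERE expression is now a constant string, not a comparison. SQLite
//    treats a non-numeric string as false, so even the legitimate clause
//    name = 'alice' returns nothing; PostgreSQL would reject it as a type error.
//    Injection is blocked only because the clause has stopped filtering at all.
foreach (["name = '" . $attack . "'", "name = 'alice'"] as $clause) {
    $sql  = 'SELECT * FROM users WHERE ' . $pdo->quote($clause);
    $rows = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    printf("quote(clause): %d rows for %s\n", count($rows), $sql);
}

// 3. Keep the clause developer-authored with ? placeholders and pass user
//    values through $params, which the existing signature already provides.
//    Hypothetical helper mirroring where($where, $params) from the issue.
function selectWhere(PDO $pdo, string $where, array $params = []): array
{
    $sql = 'SELECT * FROM users';
    if ($where !== '') {
        $sql .= ' WHERE ' . $where; // $where must be a literal in the code, never user data
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);       // values travel separately from the SQL text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

printf("bound, attack value: %d rows\n", count(selectWhere($pdo, 'name = ?', [$attack])));
printf("bound, 'alice':      %d rows\n", count(selectWhere($pdo, 'name = ?', ['alice'])));
```

Expected behaviour: the interpolated query returns both users, both `quote()`-wrapped queries return nothing, and the bound query returns 0 rows for the attack value and 1 row for `alice`. The `$params` argument that `where()` already accepts is the right place for user-supplied values; `quote()` is only appropriate for an individual value when binding is impossible, and never for a clause.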

Labels: enhancement (New feature or request)