Open kenashkov opened 4 years ago
Currently this is not possible to be done with coroutine\mysql as fetch() only supports associative array (no indexed array like mysqli_stmt->fetch_all()). In order this to be implemented an SQL parses needs to be used and the query to be validated this way.
Once the query is validated it should be flagged and this validation is to be skipped in the later requests.
If an SQL parses is added then also a check for table.* should be added and prevent its use. Always require all columns to be individually selected.
Do this for: