KQMATH / moodle-mod_capquiz

Computer adaptive practice activity module for Moodle
https://moodle.org/plugins/mod_capquiz
GNU General Public License v3.0

DB function use violates Moodle coding guidelines. #97

Closed danmarsden closed 5 years ago

danmarsden commented 5 years ago

This style of DB function use violates normal Moodle guidelines, and makes it hard to review your code. The first param is a SQL injection vector and reviewers must track through your code to check how the variables are stored and if they are manipulated anywhere, e.g.: $DB->update_record(database_meta::$tableratingsystem, $configuration)

should be: $DB->update_record('capquiz_rating_system', $configuration)
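A reviewer-side check for the pattern described in the comment above, as an added example that is not part of the issue thread or the plugin's code: it scans PHP source for `$DB->` calls whose first argument is not a quoted table name. The regex heuristics, the `find_nonliteral_tables` name and the sample input are assumptions made for this illustration; only single-line calls are handled.

```python
import re

# Calls on Moodle's global $DB object; captures method name and first argument.
DB_CALL = re.compile(r"\$DB->(\w+)\s*\(\s*([^,)]*)")
# A plain quoted table name such as 'capquiz_rating_system' (no interpolation).
LITERAL = re.compile(r"""^(['"])[a-z][a-z0-9_]*\1$""")
# Methods whose first parameter is SQL or not a table name; out of scope here.
SKIP = re.compile(r"(_sql$|^execute$|^sql_|^get_in_or_equal$|transaction)")


def find_nonliteral_tables(php_source, filename="<string>"):
    """Return (filename, line_no, method, first_arg) for each $DB call whose
    table argument is not a string literal (heuristic, single-line calls)."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        for match in DB_CALL.finditer(line):
            method, first_arg = match.group(1), match.group(2).strip()
            # Skip SQL-taking helpers and calls with no arguments at all.
            if SKIP.search(method) or not first_arg:
                continue
            if not LITERAL.match(first_arg):
                findings.append((filename, line_no, method, first_arg))
    return findings


# Constructed sample: the two calls from the issue plus two more for contrast.
SAMPLE = """<?php
$DB->update_record(database_meta::$tableratingsystem, $configuration);
$DB->update_record('capquiz_rating_system', $configuration);
$DB->get_records($table, ['capquiz_id' => $id]);
$DB->get_records_sql($sql, $params);
"""

if __name__ == "__main__":
    for f, n, m, a in find_nonliteral_tables(SAMPLE, "sample.php"):
        print(f"{f}:{n}: $DB->{m}() first argument is not a literal: {a}")
```

A flagged call is not necessarily injectable; it marks the places where a reviewer would otherwise have to trace the variable by hand.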

sebastsg commented 5 years ago

This is taken care of now.