catfan / Medoo

The lightweight PHP database framework to accelerate the development.
https://medoo.in
MIT License

Security Question #582

Closed MejorCodigo closed 7 years ago

MejorCodigo commented 7 years ago

Hey guys, there isn't really a problem I'm having but more like a theoretical question. Is this framework well protected against attacks like SQL injection? If not, what are some ways I can go about protecting my apps against this type of attack using this framework? So far I've been loving this framework, but this is something I want to know before continuing to use it for future apps.

I got this question from looking at the actual file and at the requirements; they use the PDO extension. I also saw that they use the query(); method to run their queries. From what I've read it is better to use the prepare(); method to protect against SQL injection. So should I just change the query(); method to the prepare(); method, or does this framework handle this type of attack before the query is run?

This is the part of the code from the framework:

public function query($query)
{
    if ($this->debug_mode)
    {
        echo $query;

        $this->debug_mode = false;

        return false;
    }

    $this->logs[] = $query;

    return $this->pdo->query($query); //This is the part I'm talking about.
}

Thanks guys, any help is appreciated! :)

catfan commented 7 years ago

What version are you reading? Medoo has been using prepared statements for the whole SQL execution system since v1.4, and the query() method is only provided as a way to execute a raw query directly for special cases. Additionally, query() can also execute a query with a prepared statement like other database frameworks: https://medoo.in/api/query.
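The three cases the maintainer's answer distinguishes, as an added example that is not code from the Medoo project or from anyone in this thread. It assumes Medoo v1.4 or later installed via Composer (class Medoo\Medoo), the query($query, $map) signature documented at https://medoo.in/api/query, and a placeholder MySQL database with an account table; connection values are placeholders.

```php
<?php
// Added example, not Medoo's own code. Assumes Medoo >= 1.4 via Composer.
require 'vendor/autoload.php';

use Medoo\Medoo;

// Placeholder connection settings (assumption for this example).
$database = new Medoo([
    'type'     => 'mysql',
    'host'     => 'localhost',
    'database' => 'example_db',
    'username' => 'example_user',
    'password' => 'EXAMPLE_PASSWORD',
]);

$email = $_GET['email'] ?? '';   // untrusted request input

// 1. Builder method (select/insert/update/delete): Medoo sends the value to
//    PDO as a bound parameter of a prepared statement, so the input is never
//    spliced into the SQL text. This is the normal way to use the framework.
$accounts = $database->select('account', ['user_id', 'email'], [
    'email' => $email,
]);

// 2. Raw query() with the value concatenated into the SQL string: the input is
//    parsed as part of the statement, which is exactly the SQL injection
//    exposure the question asks about. The framework cannot protect this;
//    avoid building raw SQL from request data.
$unsafe = $database->query(
    "SELECT user_id, email FROM account WHERE email = '" . $email . "'"
)->fetchAll();

// 3. Raw query() with a named placeholder and a parameter map: the SQL text is
//    fixed and the value is bound through PDO, so it is as safe as case 1.
$safe = $database->query(
    'SELECT user_id, email FROM account WHERE email = :email',
    [':email' => $email]
)->fetchAll();
```

When reviewing an app built on Medoo, the thing to look for is case 2: any query() or raw() call whose SQL string is assembled from request data.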

MejorCodigo commented 7 years ago

Ahh ok, so executing something like $database->select(); will run a prepared statement? @catfan

catfan commented 7 years ago

@ExoSkeleton321 Yes

MejorCodigo commented 7 years ago

Oh ok, perfect. Thanks a lot for clearing that up! So far that's the only thing I needed cleared up. Thanks again! :)