As seen in the screenshot below, string concatenation is used to build SQL queries, and parametrized queries are not being used. This is very much a support to hackers and not the right way of using PHP. Parametrized queries need to be used wherever dynamic queries are required, and the code must not support hackers of any kind.
Example: https://github.com/sapplica/sentrifugo/blob/master/application/modules/assets/models/AssetCategories.php
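
An added illustration of the difference described above, not code taken from Sentrifugo or from the linked file: the same lookup written with string concatenation and with a bound parameter, plus an allowlist for a dynamic ORDER BY. The table, columns, function names and input are constructed for the example, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Constructed schema and rows (hypothetical, not Sentrifugo's schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE asset_categories (id INTEGER PRIMARY KEY, name TEXT, is_active INTEGER)');
$pdo->exec("INSERT INTO asset_categories (name, is_active) VALUES ('Laptops', 1), ('Retired', 0)");

// Before: request data is concatenated into the SQL text, so a quote in
// $name ends the string literal and the remainder is parsed as SQL.
function findByNameConcatenated(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM asset_categories WHERE is_active = 1 AND name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed and the value travels separately as a bound
// parameter, so it is only ever compared as data.
function findByNameParameterized(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM asset_categories WHERE is_active = 1 AND name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Dynamic queries often need a caller-chosen sort column. Identifiers cannot
// be bound as parameters, so map the input onto an allowlist instead.
function listSorted(PDO $pdo, string $sortBy, string $dir): array
{
    $columns   = ['id' => 'id', 'name' => 'name'];
    $column    = $columns[$sortBy] ?? 'id';
    $direction = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
    $stmt = $pdo->prepare("SELECT id, name FROM asset_categories WHERE is_active = :active ORDER BY $column $direction");
    $stmt->execute([':active' => 1]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing a quote character.
$input = "x' OR '1'='1";

// The concatenated query no longer honours the is_active filter for this
// input; the parameterized query treats the whole string as a category name.
printf("concatenated:  %d row(s)\n", count(findByNameConcatenated($pdo, $input)));
printf("parameterized: %d row(s)\n", count(findByNameParameterized($pdo, $input)));
printf("sorted list:   %d row(s)\n", count(listSorted($pdo, 'name; DROP TABLE x', 'desc')));
```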