Security Issue #1
Comments
First, why is mysqli outdated?
Well, the mysqli connector isn't completely outdated. It's just that PDO features more functions than mysqli and will be the new primary connector. For example: with PDO you can directly return an array of your selected entities and do not have to create a loop to put them into an array.
Sure, but this is not directly the purpose of this library.
You could save some lines of code?
I can, but like I said, the purpose of this library is to make it easy to work with a database. I can update it to PDO, but I would make a second branch explicitly for PDO. Then we can cover both the "Mysqli" and the "PDO" connector 😄 👍
Hello Timy,
I've found some security issues in your methods. First of all, mysqli is outdated; for new web applications you should use PDO or an ORM like Doctrine. Next, you are not using prepared statements. The way you have done it, an SQL injection is quite easy.
Also, why are you always creating a new connection for each method instead of just creating the connection in the constructor and saving it as a private variable in your class?
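The two changes requested in this issue (bound parameters instead of values placed in the SQL text, and one connection opened in the constructor and kept in a private property), as an added sketch that is not code from this repository or from anyone in the thread. The class name `Database`, its methods, the `users` table and the in-memory SQLite DSN are assumptions chosen so the example runs without a server.

```php
<?php
declare(strict_types=1);

// Hypothetical wrapper class for illustration; not the library's own code.
final class Database
{
    // One connection, opened once in the constructor and reused by every method.
    private PDO $pdo;

    public function __construct(string $dsn, ?string $user = null, ?string $pass = null)
    {
        $this->pdo = new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    }

    // Schema setup only; takes no caller-supplied values.
    public function createSchema(): void
    {
        $this->pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    }

    public function addUser(string $name): void
    {
        // The SQL text is fixed; the value travels separately as a bound parameter.
        $stmt = $this->pdo->prepare('INSERT INTO users (name) VALUES (:name)');
        $stmt->execute([':name' => $name]);
    }

    public function findUsersByName(string $name): array
    {
        $stmt = $this->pdo->prepare('SELECT id, name FROM users WHERE name = :name');
        $stmt->execute([':name' => $name]);
        // fetchAll() returns the whole result set as an array, no manual loop.
        return $stmt->fetchAll();
    }
}

// Constructed sample data in an in-memory SQLite database (assumption).
$db = new Database('sqlite::memory:');
$db->createSchema();
$db->addUser('alice');
$db->addUser('bob');

// An ordinary lookup, then a value containing quote characters: because it is
// bound, the second value is compared as a literal name and not parsed as SQL.
var_dump($db->findUsersByName('alice'));
var_dump($db->findUsersByName("x' OR '1'='1"));
```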