1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-02 09:37:59 +01:00
psalm/docs/running_psalm/issues/TaintedSql.md
2021-01-29 11:46:13 +01:00

19 lines
377 B
Markdown

# TaintedSql
Emitted when user-controlled input can be passed into to a SQL command.
```php
<?php
class A {
public function deleteUser(PDO $pdo) : void {
$userId = self::getUserId();
$pdo->exec("delete from users where user_id = " . $userId);
}
public static function getUserId() : string {
return (string) $_GET["user_id"];
}
}
```