mirror of
https://github.com/danog/psalm.git
synced 2024-12-02 17:52:45 +01:00
19 lines
377 B
Markdown
19 lines
377 B
Markdown
# TaintedSql
|
|
|
|
Emitted when user-controlled input can be passed into to a SQL command.
|
|
|
|
```php
|
|
<?php
|
|
|
|
class A {
|
|
public function deleteUser(PDO $pdo) : void {
|
|
$userId = self::getUserId();
|
|
$pdo->exec("delete from users where user_id = " . $userId);
|
|
}
|
|
|
|
public static function getUserId() : string {
|
|
return (string) $_GET["user_id"];
|
|
}
|
|
}
|
|
```
|