Hello,
Does anybody know for sure whether the db->query() method uses PDO or sanitizes the input query statement somehow? Or should I use another method to make sure I don't have any SQL injection issue?
For example, I'm using this:
$sql = "SELECT id FROM accounts WHERE id='$id' AND deleted = 0";
$result = $GLOBALS['db']->query($sql);
$id is a query string parameter (URL).
Regards
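Added example, not part of the original post: the query from the post in its interpolated form next to a parameterized version using PDO prepared statements, which keeps the SQL text fixed no matter what the URL parameter contains. It assumes a PDO connection $pdo to the same database (the DSN and credentials below are placeholders); whether the framework's own $GLOBALS['db']->query() escapes anything is not something the post settles, so the safe pattern does not rely on it.

```php
<?php
// Added example (not from the original post). Assumes a PDO connection $pdo;
// table and column names are the ones used in the post.

// Interpolated form, as in the post: $id from the URL becomes part of the SQL text,
// so a quote character in the value ends the string literal and the remainder of
// the value is parsed by the database as SQL rather than compared against id.
function findAccountInterpolated(PDO $pdo, string $id): array
{
    $sql = "SELECT id FROM accounts WHERE id='$id' AND deleted = 0";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterized form: the statement is prepared once with a placeholder and $id is
// bound as data, so the database never interprets its content as SQL syntax.
function findAccount(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT id FROM accounts WHERE id = :id AND deleted = 0');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Placeholder DSN and credentials. Disabling emulated prepares makes the driver,
// not the PHP layer, bind the parameters; exceptions surface query errors instead
// of silently returning false.
$pdo = new PDO('mysql:host=localhost;dbname=PLACEHOLDER_DB', 'PLACEHOLDER_USER', 'PLACEHOLDER_PASS', [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);

// $id comes straight from the query string, exactly as in the post; no escaping is
// needed because it is passed as a bound parameter.
$id = $_GET['id'] ?? '';
var_dump(findAccount($pdo, $id));
```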