1.2.1060. SQL queries
This rule reports SQL queries found in literal strings.
SQL queries are detected by their keywords, inside literals or concatenations.
<?php
// Table name used by the concatenation and heredoc examples
$table_users = 'users';
// SQL in a string
$query = 'SELECT name FROM users WHERE id = 1';
// SQL in a concatenation
$query = 'SELECT name FROM '.$table_users.' WHERE id = 1';
// SQL in a Heredoc
$query = <<<SQL
SELECT name FROM $table_users WHERE id = 1
SQL;
?>
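The detection described above, sketched as an added example that is not Exakat's own code: it walks PHP's token stream, flags string fragments that start with an SQL statement skeleton, and labels each one as a literal, a concatenation or an interpolation, the last two being the places where query parameters deserve review. The function name find_sql_strings() and the keyword pattern are assumptions.

```php
<?php
// Added example, not Exakat's code: a simplified keyword-based SQL detector.
// find_sql_strings() and the keyword pattern are assumptions for illustration.
function find_sql_strings(string $source): array
{
    // Assumed rule: a string is SQL when it starts with a statement skeleton.
    $sql = '/^\s*(SELECT\s.+?\sFROM\b|INSERT\s+INTO\b|UPDATE\s.+?\sSET\b|DELETE\s+FROM\b)/is';
    $tokens = token_get_all($source);
    $findings = [];
    foreach ($tokens as $i => $token) {
        if (!is_array($token)) {
            continue; // single-character tokens such as '.' or ';'
        }
        [$id, $text, $line] = $token;
        if ($id === T_CONSTANT_ENCAPSED_STRING) {
            $body = substr($text, 1, -1); // drop the surrounding quotes
        } elseif ($id === T_ENCAPSED_AND_WHITESPACE) {
            $body = $text; // fragment of a heredoc or double-quoted string
        } else {
            continue;
        }
        if (!preg_match($sql, $body)) {
            continue;
        }
        // The next non-whitespace token tells how the query is assembled.
        $j = $i + 1;
        while (is_array($tokens[$j] ?? null) && $tokens[$j][0] === T_WHITESPACE) {
            $j++;
        }
        $next = $tokens[$j] ?? null;
        $dynamic = is_array($next) && in_array($next[0], [T_VARIABLE, T_CURLY_OPEN], true);
        $kind = $next === '.' ? 'concatenation' : ($dynamic ? 'interpolation' : 'literal');
        $findings[] = ['line' => $line, 'kind' => $kind, 'sql' => trim($body)];
    }
    return $findings;
}
// Constructed sample: the three cases from this page plus a non-SQL string.
$sample = <<<'PHP'
<?php
$query = 'SELECT name FROM users WHERE id = 1';
$query = 'SELECT name FROM '.$table_users.' WHERE id = 1';
$query = <<<SQL
SELECT name FROM $table_users WHERE id = 1
SQL;
$label = 'Select a user';
PHP;
foreach (find_sql_strings($sample) as $f) {
    printf("line %d  %-13s  %s\n", $f['line'], $f['kind'], $f['sql']);
}
```

The non-SQL string `'Select a user'` is not reported because the pattern requires a statement skeleton rather than a lone keyword.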
1.2.1060.1. Specs
Short name | Type/Sql
Rulesets |
Exakat since | 0.10.1
PHP Version | All
Severity |
Time To Fix |
Precision | Very high
Available in |