Hi,
Is findByPk supposed to automatically sanitize the passed in $pk to prevent SQL injection? When I tried it, it appeared that the pk I passed in wasn’t being escaped or anything.
Thanks!
Eric
Hi,
Is findByPk supposed to automatically sanitize the passed in $pk to prevent SQL injection? When I tried it, it appeared that the pk I passed in wasn’t being escaped or anything.
Thanks!
Eric
It’s PDO, so the answer is yes.