I am using Phalcon but not the ORM. I am sending my own queries to the database.
Few days ago I realized that when I call $this->get("name") from any controller, the String passed by the user is not sanitized, so I am potentially sending dangerous SQL code straight to the database.
My projetc is around a milling lines of code now and I cannot go though every single get() and add the second parameter. I need a way to overwrite the get() method from the bootstrap and sanitize all responses at once.
I have been trying this for few days without luck. Can you guys point me on the right direction, or help with a better solution?