I don't find any information about a SQL Injection when I call the Resulset() Method. For example:
$sql = "SELECT * FROM video v WHERE v.id = '" .$id. "; // Base model $video = new video(); // Execute the query return new Resultset(null, $video, $video->getReadConnection()->query($sql));
Does anybody know if the SQL Query will be escaped to avoid SQL Injections? Or do I have to do it in another way?