FindFirst(NULL) = Dangerous

When I use this

Admin::findFirst(NULL)

The first record of the table is found. Is this correct?

On the contrary

Admin::findFirst(0)

No record found (to me correct)



18.5k

Yeah you're right. But remember that Admin::findFirst() is the same as Admin::findFirst(NULL).

And for Admin::findFirst(0), if you're using an unsigned int with autoincrement, it's correct (because it starts at 1).



4.5k

If you have a variable $id that is null, it's very dangerous.

Imagine you test if someone is logged in with Admin::findFirst($id); and you don't test if (int)$id > 0, everybody can connect.



18.5k

1) Yeah, it is very dangerous, they had to fix that by checking that $var != undefined && $var != NULL (@phalcon).

2) When some user logs in, the developer has to set some way (DB, access file) to say that the user is already logged on. So I don't think that will happen normally.



19.8k

I think this is more your responsibility, since findFirst is behaving the way it should, finding the first record.
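
An added example, not part of the thread and not Phalcon's own code: a guard that rejects a null or non-positive id before it reaches findFirst(), shown next to the unguarded call. The Admin class here is a stand-in (an assumption) that reproduces only the behaviour reported above, and findAdminById() is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Stand-in for a Phalcon model (assumption): it reproduces only what the
// thread reports, so the example runs without the framework or a database.
final class Admin
{
    // Constructed sample rows, keyed by an auto-increment id starting at 1.
    private const ROWS = [1 => 'root', 2 => 'alice'];

    public function __construct(public int $id, public string $name) {}

    public static function findFirst(mixed $id = null): ?self
    {
        if ($id === null) {
            // No condition given: the first row of the table is returned.
            $first = array_key_first(self::ROWS);
            return new self($first, self::ROWS[$first]);
        }
        $id = (int) $id;
        return isset(self::ROWS[$id]) ? new self($id, self::ROWS[$id]) : null;
    }
}

// Hypothetical helper: only a positive integer id is allowed through.
// null, '', 0, negative numbers and non-numeric strings all yield null.
function findAdminById(mixed $id): ?Admin
{
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    return Admin::findFirst($id);
}

// Constructed inputs, e.g. a session key or request parameter that is missing.
foreach ([null, 0, '2', 99] as $candidate) {
    $unguarded = Admin::findFirst($candidate);
    $guarded   = findAdminById($candidate);
    printf(
        "%-5s unguarded=%-5s guarded=%s\n",
        var_export($candidate, true),
        $unguarded->name ?? 'none',
        $guarded->name ?? 'none'
    );
}
```

Only the null input differs between the two columns: the unguarded call returns the first row, while the guarded lookup returns nothing.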