To simplify the query

$post = $this->request->getPost("users");
$user = Users::findFirst(array(
        'username = :username: and password = :password:',
        'bind' => $post
));

Are there other methods to simplify the where part of the query? For example, if I hand in $post directly, can it assemble the where condition on its own?



Accepted answer

Building the where condition from the data passed in $_POST is potentially insecure, as it allows a third party to inject PHQL/SQL and also query data that they are not allowed to.
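
One way to keep the call short without deriving the where condition from request keys, as an added example that is not part of the thread or of Phalcon's own code: column names come from a fixed allowlist and only the values are bound. The helper name buildFindParams() and the sample input are assumptions; the conditions/bind array is the shape Users::findFirst() already takes in the question.

```php
<?php
// Added example, not code from the thread. buildFindParams() is a
// hypothetical helper; only the conditions/bind array shape is Phalcon's.

/**
 * Build findFirst() parameters from untrusted input.
 * Column names come only from $allowed; request keys never reach the PHQL.
 */
function buildFindParams(array $input, array $allowed): array
{
    $conditions = [];
    $bind = [];
    foreach ($allowed as $field) {
        // Each allowed field must be present and a plain string. A missing
        // key or an array value (users[username][]=x) is rejected outright.
        if (!isset($input[$field]) || !is_string($input[$field])) {
            throw new InvalidArgumentException("Missing or invalid field: $field");
        }
        $conditions[] = "$field = :$field:";  // name taken from the allowlist
        $bind[$field] = $input[$field];       // value travels as a bound parameter
    }
    return [
        'conditions' => implode(' AND ', $conditions),
        'bind'       => $bind,
    ];
}

// Constructed sample standing in for $this->request->getPost("users").
$post = [
    'username' => 'alice',
    'password' => 'secret',
    'is_admin = 1 OR username' => 'x',  // unexpected extra key, ignored below
];

$params = buildFindParams($post, ['username', 'password']);
print_r($params);

// In a controller: $user = Users::findFirst($params);
```

Because the loop iterates over the allowlist rather than over $post, an extra key in the request can neither add a condition nor end up in the bind array.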