
To simplify the query

$post = $this->request->getPost("users");
$user = Users::findFirst(array(
        'username = :username: and password = :password:',
        'bind' => $post
));

Are there other ways to simplify the where part of the query? For example, if I pass in $post directly, can it put together the where condition on its own?



Accepted answer

Building the where condition from the data passed in $_POST is potentially insecure, as it allows a third party to inject PHQL/SQL and also to query data that they are not allowed to.
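
The following is an added example, not part of the original answer and not Phalcon's own code. It shows one way to keep the convenience the question asks for without letting request keys shape the query: column names and placeholders come from a fixed allow-list, and only the values are taken from the request. `buildFindParams()` is a hypothetical helper, and the sample `$post` array is constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Build findFirst() parameters from untrusted input using a fixed allow-list.
 * buildFindParams() is a hypothetical helper, not part of Phalcon.
 */
function buildFindParams(array $input, array $allowedFields): array
{
    $conditions = [];
    $bind = [];

    foreach ($allowedFields as $field) {
        // Every expected field must be present; no partial conditions.
        if (!array_key_exists($field, $input)) {
            throw new InvalidArgumentException("Missing field: $field");
        }
        // Reject arrays/objects (e.g. users[username][]=x) so only plain strings are bound.
        if (!is_string($input[$field])) {
            throw new InvalidArgumentException("Field must be a string: $field");
        }
        // Column name and placeholder come from the allow-list, never from the request.
        $conditions[] = "$field = :$field:";
        $bind[$field] = $input[$field];
    }

    // Keys the client sent that are not on the allow-list never reach the query.
    return [
        'conditions' => implode(' AND ', $conditions),
        'bind'       => $bind,
    ];
}

// Constructed sample input: the extra keys are what a tampered form could send.
$post = [
    'username'          => 'alice',
    'password'          => 'example-password',
    'is_admin'          => '1',
    '1 = 1 OR username' => 'x',
];

$params = buildFindParams($post, ['username', 'password']);
print_r($params);
// In a Phalcon controller: $user = Users::findFirst($params);
```

Because the condition string is assembled only from the allow-list, the two unexpected keys in the sample input are ignored, and a missing or non-string field raises an exception instead of producing a looser query.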