Possible SQL injection bug

I have the following code:

$db->query(
        "UPDATE users
         SET uCoalWarehouse=uCoalWarehouse - ROUND(uCoalWarehouse/ $SETTINGS['ware_rust_rate'])
         WHERE uCoalWarehouse > 0");
PhpStorm shows me an error here:

Is it a bug, or should I write $SETTINGS[ware_rust_rate] instead of $SETTINGS['ware_rust_rate']?

1 comment

Seems like PhpStorm is right. I should write {$SETTINGS['ware_rust_rate']} instead of $SETTINGS['ware_rust_rate'] in the query string.
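The two valid interpolation forms for an array element, followed by the same UPDATE with the rate bound as a parameter instead of interpolated, as an added example that is not part of the original thread. PDO with an in-memory SQLite database stands in for the poster's `$db`; the `rustRate()` helper and the sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample setting; in the thread it comes from $SETTINGS.
$SETTINGS = ['ware_rust_rate' => '20'];

// Array elements inside a double-quoted string:
$simple = "rate=$SETTINGS[ware_rust_rate]";      // simple syntax, key unquoted
$braced = "rate={$SETTINGS['ware_rust_rate']}";  // brace syntax, key quoted
// "rate=$SETTINGS['ware_rust_rate']" (quoted key, no braces) is a parse error.

// Hypothetical helper: accept the rate only as an integer >= 1, which also
// rules out division by zero in the query.
function rustRate(array $settings): int
{
    $rate = filter_var(
        $settings['ware_rust_rate'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($rate === false) {
        throw new InvalidArgumentException('ware_rust_rate must be an integer >= 1');
    }
    return $rate;
}

// Assumption: in-memory SQLite via PDO stands in for the poster's $db.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, uCoalWarehouse INTEGER)');
$pdo->exec('INSERT INTO users (uCoalWarehouse) VALUES (1000), (0), (240)');

// The value is bound as a parameter, so it never becomes part of the SQL text.
$stmt = $pdo->prepare(
    'UPDATE users
     SET uCoalWarehouse = uCoalWarehouse - ROUND(uCoalWarehouse / :rate)
     WHERE uCoalWarehouse > 0'
);
$stmt->bindValue(':rate', rustRate($SETTINGS), PDO::PARAM_INT);
$stmt->execute();

echo $simple, PHP_EOL, $braced, PHP_EOL;
foreach ($pdo->query('SELECT id, uCoalWarehouse FROM users') as $row) {
    echo $row['id'], ': ', $row['uCoalWarehouse'], PHP_EOL;
}
```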
