Possible SQL injection bug

I have the following code:

        "UPDATE users
         SET uCoalWarehouse=uCoalWarehouse - ROUND(uCoalWarehouse/ $SETTINGS['ware_rust_rate'])
         WHERE uCoalWarehouse > 0");
PhpStorm shows me an error here:

Is it a bug, or should I write $SETTINGS[ware_rust_rate] instead of $SETTINGS['ware_rust_rate']?

1 comment

Seems like PhpStorm is right. I should write {$SETTINGS['ware_rust_rate']} instead of $SETTINGS['ware_rust_rate'] in the query string.
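
Added example, not part of the original thread: the two array interpolation forms that parse inside a double-quoted PHP string, followed by the same UPDATE with the rate validated and bound as a parameter instead of interpolated. The in-memory SQLite table, the sample rows, the rate value and the `rustWarehouses()` helper are constructed for illustration, and the script assumes the pdo_sqlite extension is available.

```php
<?php
// Added example. Table rows, the rate value and rustWarehouses() are constructed;
// only the column name and the settings key come from the post.
$SETTINGS = ['ware_rust_rate' => '20'];

// Forms that parse inside a double-quoted string. Writing the quoted key without
// braces ("... $SETTINGS['ware_rust_rate'] ...") is a parse error.
$unquoted = "rate=$SETTINGS[ware_rust_rate]";      // no braces, unquoted key
$braced   = "rate={$SETTINGS['ware_rust_rate']}";  // braces, quoted key
var_dump($unquoted === $braced);

// Either form still splices the raw value into the SQL text. Validating the rate
// and binding it as a parameter keeps it out of the statement entirely.
function rustWarehouses(PDO $db, $rate): int
{
    // Guard against non-numeric settings and division by zero.
    if (!is_numeric($rate) || (float) $rate <= 0) {
        throw new InvalidArgumentException('ware_rust_rate must be a positive number');
    }
    $stmt = $db->prepare(
        'UPDATE users
         SET uCoalWarehouse = uCoalWarehouse - ROUND(uCoalWarehouse / :rate)
         WHERE uCoalWarehouse > 0'
    );
    $stmt->execute([':rate' => $rate]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');                  // assumes pdo_sqlite is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, uCoalWarehouse INTEGER)');
$db->exec('INSERT INTO users (uCoalWarehouse) VALUES (100), (0)');

echo rustWarehouses($db, $SETTINGS['ware_rust_rate']), " row(s) updated\n";
print_r($db->query('SELECT id, uCoalWarehouse FROM users')->fetchAll(PDO::FETCH_ASSOC));

try {
    rustWarehouses($db, '0');                      // constructed bad setting
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```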

