Possible SQL injection bug
I have next code:
$db->query(
"UPDATE users
SET uCoalWarehouse=uCoalWarehouse - ROUND(uCoalWarehouse/ $SETTINGS['ware_rust_rate'])
WHERE uCoalWarehouse > 0");
PhpStorm shows me error here:
Is it a bug or i should write $SETTINGS[ware_rust_rate] instead of $SETTINGS['ware_rust_rate'].
请先登录再写评论。
Seems like PhpStorm right. I should write {$SETTINGS['ware_rust_rate']} instead of $SETTINGS['ware_rust_rate'] in the query string.