[RSS Feed/News] $finder sql injection question

Status
Not open for further replies.

XenForo

Administrative
  • Thread starter
  • Admin
  • #1
Is it safe to use direct URL params in a finder based on a route?

I'm using base/str:<slug> to form the URL in the routes page to determine the list page vs. a detail page for one base category.

Code:
$repo = $this->repository('My\Repo');
$finder = $repo->findMyStuff();

// Filter by the slug captured from the route, if one was supplied
if (isset($params['slug']))
{
    $finder->where('myfield', $params['slug']);
}

$viewParams = [
    'myrow' => $finder->fetchOne(),
];

// No matching row for this slug
if (!$viewParams['myrow'])
{
    throw...
