Insight Database queries should use parameter binding - in httpdocs/Classes/Common/User/User.php, line 154 #1

@SpoonOfDoom

**in httpdocs/Classes/Common/User/User.php, line 154**

```php
$this->db->prepare('UPDATE `' . $this->config['authTable'] . '` SET `authSalt` = ? WHERE `' . $this->config['userColumn'] . '` = ?');
```

> If provided by the user, the value of $this->config authTable may allow an SQL injection attack. Avoid concatenating parameters to SQL query strings, and use parameter binding instead.

_Posted from SensioLabsInsight https://insight.sensiolabs.com/projects/8d43a3d5-1470-48d3-ac74-e9830e577804/analyses/1_
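
PDO placeholders bind values only, so the table and column names in the flagged statement cannot be turned into `?` parameters. The sketch below is an added example, not code from this project: it checks each configured identifier against an allowlist before concatenating it. The helper names, the allowlist contents and the in-memory SQLite demo are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept an identifier only if it is on an explicit
// allowlist, then backtick-quote it for MySQL-style SQL.
function quoteIdentifier(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("Identifier not allowed: {$name}");
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Hypothetical wrapper around the flagged statement.
function updateAuthSalt(PDO $db, array $config, string $salt, string $user): int
{
    // Allowlist contents are assumptions; use the names the schema really has.
    $table  = quoteIdentifier($config['authTable'], ['users', 'accounts']);
    $column = quoteIdentifier($config['userColumn'], ['username', 'email']);

    // Values still go through placeholders; only vetted identifiers are concatenated.
    $stmt = $db->prepare("UPDATE {$table} SET `authSalt` = ? WHERE {$column} = ?");
    $stmt->execute([$salt, $user]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database
// (SQLite accepts backtick-quoted identifiers).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, authSalt TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'old')");

$config = ['authTable' => 'users', 'userColumn' => 'username'];
echo updateAuthSalt($db, $config, 'new-salt', 'alice'), " row(s) updated\n";

// A config value that is not a known table name is rejected before any SQL is built.
$config['authTable'] = 'users` WHERE 1=1 -- ';
try {
    updateAuthSalt($db, $config, 'x', 'alice');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```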
