Home>

I use CakePHP3.6.
I heard that Query Builder's "updateAll" is vulnerable to SQL injection.
Is there such a fact here?

Here's Gugu, but I don't get any serious information ...
If i know anyone, I would appreciate it if you could tell me.

  • https://www.google.com/search?q=cakephp3+updateAll+SQL%E3%82%A4%E3%83%B3%E3%82%B8%E3%82%A7%E3%82 % AF% E3% 82% B7% E3% 83% A7% E3% 83% B3&ie = utf-8&oe = utf-8&client = firefox-b-ab
  • https://www.google.com/search?client=firefox-b-ab&q=cakephp3+updateAll+SQL%E3%82%A4%E3%83%B3%E3%82%B8%E3 % 82% A7% E3% 82% AF% E3% 82% B7% E3% 83% A7% E3% 83% B3&nirf = cakephp + updateAll + SQL% E3% 82% A4% E3% 83% B3% E3 % 82% B8% E3% 82% A7% E3% 82% AF% E3% 82% B7% E3% 83% A7% E3% 83% B3&sa = X&ved = 0ahUKEwiy7YSH74TdAhWBMt4KHbmdAP0Q8BYIJSgB&biw = 1440&bih = 712
  • https://www.google.com/search?client=firefox-b-ab&biw=1440&bih=712&ei=mo1_W7_eNoPk-AbP4YjQBw&q=cakephp3+updateall+%E8%84%86%E5 % BC% B1% E6% 80% A7&oq = cakephp3 + updateall +% E8% 84% 86% E5% BC% B1% E6% 80% A7&gs;l_psy = ab.3 ... 6033.11060.0.11257.0.0 .0.0.0.0.0.0..0.0 .... 0 ... 1c.1j4.64.psy-ab..0.0.0 .... 0.xXuS1JCjTAA