2
public function update($table, $data, $where,$criterios)
{
    $set = "";
    foreach ($data as $keyname => $value) {
        $set .= ($set == "") ? "" : ", ";
        $set .= $keyname . " = "  . ":".$keyname ;
    }
    $sql = "UPDATE $table SET $set WHERE $where";
    $stmt = $this->db->prepare($sql);
    foreach ($data as $placeholder => $valor) {
        $stmt->bindValue(":".$placeholder, $valor);
    }
    foreach ($criterios as $criterio => $valor) {
        $stmt->bindValue(":".$criterio, $valor);
    }
    return $stmt->execute();
}
update("tabelanome",$_POST,"WHERE :id=id",array("id"=>1));
there is something that can be done to make the code not vulnerable?
The
execute()is a good option, here there’s another.– rray