I am developing a project in which I am using a structure somewhat similar to that of Laravel. This structure allows me to do CRUD across the whole system using only one class and setting the tables I want to query. The code below shows what I created. I made some basic validations, but I do not know whether it is necessary to validate the input parameters so that the query is not vulnerable to SQL injection, or whether the way it is, it is already not vulnerable.
```php
<?php
namespace SON\Db;

abstract class Table
{
    protected $db;
    protected $table;

    public function __construct(\PDO $db)
    {
        $this->db = $db;
    }

    public function insert(array $data)
    {
        // Column list and named placeholders are both built from the array keys
        $fields = '`' . implode('`, `', array_keys($data)) . '`';
        $fields_data = ':' . implode(', :', array_keys($data));
        $stmt = $this->db->prepare("INSERT INTO {$this->table} ({$fields}) VALUES ({$fields_data})");
        // The array values are bound to the placeholders on execute
        if ($stmt->execute($data)) {
            // registration completed successfully!
            return true;
        }
        // error - invalid email
        return false;
    }
}
?>
```
Is there some way to validate the data within the array so that it is not necessary to separate the data into several variables?
– Reignomo
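In the `insert()` above, the array values are bound through the prepared statement, but the array keys are concatenated into the SQL text as column names, so the keys are the part that needs checking. The following is an added example, not part of the original post, that validates the keys of the whole array against a per-table allowlist so the data does not have to be split into separate variables. `SafeTable`, `Users`, the column names and the in-memory SQLite database are assumptions made for the demo, which needs PHP 8 with `pdo_sqlite`.

```php
<?php
// Added example, not the asker's code. All class, table and column names are hypothetical.
declare(strict_types=1);

abstract class SafeTable
{
    protected string $table;        // set by each subclass, never taken from input
    protected array $columns = [];  // allowlist of columns that callers may write

    public function __construct(protected \PDO $db) {}

    public function insert(array $data): bool
    {
        if ($data === []) {
            throw new \InvalidArgumentException('No data to insert');
        }
        // Keys become SQL identifiers, so each one must be a known column
        // before it is interpolated into the statement text.
        $keys = array_keys($data);
        $unknown = array_diff($keys, $this->columns);
        if ($unknown !== []) {
            throw new \InvalidArgumentException(
                'Unexpected column(s): ' . implode(', ', array_map('strval', $unknown))
            );
        }
        $fields = '`' . implode('`, `', $keys) . '`';
        $params = ':' . implode(', :', $keys);
        $stmt = $this->db->prepare(
            "INSERT INTO `{$this->table}` ({$fields}) VALUES ({$params})"
        );
        return $stmt->execute($data);  // values are bound, never concatenated
    }
}

final class Users extends SafeTable
{
    protected string $table = 'users';
    protected array $columns = ['name', 'email'];  // is_admin is deliberately not writable
}

// Constructed demo database (in-memory SQLite, assumed available)
$db = new \PDO('sqlite::memory:');
$db->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER DEFAULT 0)');

$users = new Users($db);
var_dump($users->insert(['name' => 'Ana', 'email' => 'ana@example.com']));
try {
    $users->insert(['name' => 'Bob', 'is_admin' => 1]);  // key outside the allowlist
} catch (\InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The same allowlist also stops a request array from setting columns the form was never meant to write, such as `is_admin` here.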