We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

FindFirst(NULL) = Dangerous

When I use this


The first record of the table is found, is this correct ?

On the contrary


No record found (to me correct)


Yeah you're right. But remember that Admin::findFirst() is the same as Admin::findFirst(NULL).

And for Admin::findFirst(0), if you're using unsigned int with autoincremente, it's correct (because it starts at 1).


if you have a variable $id who is null, it's very dangerous.

Imagine you test if someone is loged with Admin::findFirst($id); and you don't test if (int)$id >0, everybody can connect.


1) Yeah, is very dangerous, they had to fix that checking that $var != undefined && $var != NULL (@phalcon).

2) When some user logs in, the developer has to set some way (DB, access file) to say that the user is already log on. So I don't think so that will happen normally.


I think this is more your responsability, since findFirst is behaving the way it should, finding the first record.