Hi
We are using many times findFirst to load first item based on user value
function userItem($id)
{
return User::findFist($id); // maye be User::find();
}I want to know does it automatically does clean on SQL injections? Or do I have to use "bind => array(...)" instead ?
Nope, I want to no do Phalcon do this automattically without using bind, when I want to find items with Integer IDs throgh find( and findFirst( ?
https://github.com/phalcon/cphalcon/blob/2.0.0/phalcon/mvc/model.zep#L820 Bind parameters with types
Db classes is working on PDO exstension and It will be anti sql injection https://stackoverflow.com/questions/7915952/can-i-fully-prevent-sql-injection-by-pdo-prepared-statement-without-bind-param
Read more about PDO if you need
@pedped Check my comment as answer and close it please
