[Question]: This following code below is vulnerable or not ?

[diyarsaadi]

Vulnerable Line :
SQL Injection has been found. Change this code to no longer construct SQL queries directly from user-controlled data.

Calling method \iaDb,1::getAll(["var"]) in (216)\iaDb,1::_get(["row","MAX(order)","var","var","1"]) that outputs using tainted argument #1 ($sql).

Infected Line : 242

238
$sql = 'SELECT ' . $stmtFields . ' FROM ' . $this->_table . ' ' . $condition;
239

240
switch ($type) {
241
case 'all':
242
1return $this->getAll($sql);
243
case 'keyval':
244
return $this->getKeyValue($sql);
245
case 'assoc':
246
return $this->getAssoc($sql, true);
247
default:

#Description #

This code is vulnerable to SQL injection because the application receives data from the user or a third-party service and inserts it into a database query without sanitizing it first. It's a critical vulnerability.

[g0tmi1k]

Hello @diyarsaadi

This question is off topic for this repo. This is for a collection of lists rather than getting help for code review