@mcsee
Last active Jun 27, 2021
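<?php
// Method excerpt; it belongs to a class that provides createSqlWhere(),
// texts(), tableAlias() and sanitize().
// $SQLselect is a query-builder object (addWhere() is called on it), so it
// cannot be type-hinted as string.
private function addTerms($SQLselect) {
    $selectSentence = $this->createSqlWhere();
    //INJECTED CODE
    $simplifiedTerms = (new LikePatternSimplifier())->simplify($this->texts());
    //INJECTED CODE
    foreach ($simplifiedTerms as $text) {
        // Each term is concatenated into the SQL text, so sanitize() is the
        // only defence against SQL injection here.
        $selectSentence->addWhere(
            $this->tableAlias() . " LIKE '%" . $this->sanitize($text) . "%'");
    }
    $SQLselect->addWhere($selectSentence->asSQLSentence());
}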