Prevent SQL Injection In This PHP Code
问题 I have the following function that writes into a PostgreSQL database. I need to make it safe from SQL injection however I am not sure how to do that. The part of the query assembled from pg_query_params is safe from injection (or so I have been told) however the other part of the assembled query via PHP's string concatenation . is apparently vulnerable to injection. private function setItem($table, $id, $field, $itemId, $fieldValue){ $_1 = $itemId; $_2 = $fieldValue; $_3 = $field; $_4 =