Using dynamic SQL queries that concatenate user input directly into the query string can lead to SQL injection vulnerabilities. Attackers can
manipulate the input to alter the SQL query’s structure, potentially gaining unauthorized access to or manipulating the database.
Exceptions
No issue will be raised if one of the functions is called with hard-coded string (no concatenation) and this string does not contain a "$"
sign.
$result = mysql_query("SELECT * FROM myTable WHERE id = 42") or die('Query failed: ' . mysql_error()); // Compliant
The current implementation does not follow variables. It will only detect SQL queries which are concatenated or contain a $ sign
directly in the function call.
$query = "SELECT * FROM myTable WHERE id = " . $id;
$result = mysql_query($query); // No issue will be raised even if it is Sensitive
