public function update($table, $data, $where,$criterios)
{
$set = "";
foreach ($data as $keyname => $value) {
$set .= ($set == "") ? "" : ", ";
$set .= $keyname . " = " . ":".$keyname ;
}
$sql = "UPDATE $table SET $set WHERE $where";
$stmt = $this->db->prepare($sql);
foreach ($data as $placeholder => $valor) {
$stmt->bindValue(":".$placeholder, $valor);
}
foreach ($criterios as $criterio => $valor) {
$stmt->bindValue(":".$criterio, $valor);
}
return $stmt->execute();
}
update("tabelanome",$_POST,"WHERE :id=id",array("id"=>1));
Is there anything that can be done to make the code not vulnerable?