I have created a PHP object for my database, and now I have a question: is it protected from SQL injections? Here is my method to load data from the database:
public function loadData($query, $params = []) {
    $stmt = $this->db->prepare($query);
    $stmt->execute($params);
    return $stmt->fetchAll();
}
My query:
$user_id = trim($_GET['user']);
$article_id = trim($_GET['article']);
$data = loadData("SELECT * FROM articles WHERE user = ? AND article = ?", [$user_id, $article_id]);
Or this solution:
$myData = [$user_id, $article_id];
$data = loadData("SELECT * FROM articles WHERE user = ? AND article = ?", $myData);
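
Added example, not part of the original post: the question's `loadData()` wrapper run against a throwaway in-memory SQLite database, with the same constructed input first bound through `?` placeholders and then, for contrast, concatenated into the query string. The class name `ArticleDb`, the table rows and the input value are assumptions made for illustration; passing the array inline or through `$myData` makes no difference to how the values are bound.

```php
<?php
// Added example, not the poster's code. ArticleDb, the in-memory SQLite
// database and the sample rows are assumptions made for illustration.
final class ArticleDb
{
    /** @var PDO */
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Same shape as the method in the question: SQL text and values travel separately.
    public function loadData(string $query, array $params = []): array
    {
        $stmt = $this->db->prepare($query);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("CREATE TABLE articles (user TEXT, article TEXT, title TEXT)");
$pdo->exec("INSERT INTO articles VALUES ('1', '10', 'first'), ('2', '20', 'second')");
$db = new ArticleDb($pdo);

// Constructed value standing in for trim($_GET['user']).
$userId = "1' OR '1'='1";
$articleId = '10';

// Bound parameters: the whole string is compared against the column as one value.
$bound = $db->loadData(
    "SELECT * FROM articles WHERE user = ? AND article = ?",
    [$userId, $articleId]
);

// Concatenation: the input becomes part of the SQL text before prepare() sees it,
// so the wrapper has nothing left to protect.
$concatenated = $db->loadData("SELECT * FROM articles WHERE user = '" . $userId . "'");

printf("bound: %d row(s), concatenated: %d row(s)\n", count($bound), count($concatenated));
```

The wrapper protects only the values passed in `$params`; any request data placed in `$query` itself, including column names or `ORDER BY` fragments, is not covered by it.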