Hi everyone,
I am creating a new PDF template and need to access the database to retrieve a value. Here’s my code:
$propal_extrafields = $this->db->query("SELECT * FROM `llx_propal_extrafields` WHERE `fk_object`=".$object->id)->fetch_assoc();
I would prefer to use a prepared statement. Is that possible? Is DoliDBMysqli already protected against SQL injection?
Thanks !