SecLists
[Question]: Is the following code vulnerable or not?
Vulnerable Line : SQL Injection has been found. Change this code to no longer construct SQL queries directly from user-controlled data.
Calling method \iaDb,1::getAll(["var"]) in (216)\iaDb,1::_get(["row","MAX(order)","var","var","1"]) that outputs using tainted argument #1 ($sql).
Infected Line : 242
```
238   $sql = 'SELECT ' . $stmtFields . ' FROM ' . $this->_table . ' ' . $condition;
239
240   switch ($type) {
241       case 'all':
242           return $this->getAll($sql);
243       case 'keyval':
244           return $this->getKeyValue($sql);
245       case 'assoc':
246           return $this->getAssoc($sql, true);
247       default:
```
# Description
This code is vulnerable to SQL injection because the application receives data from the user or a third-party service and inserts it into a database query without sanitizing it first. It's a critical vulnerability.
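
An added example, not part of the original post and not the project's code: a query helper of the same shape as the flagged lines (field list, table, condition), rewritten so that column names are checked against an allow-list and condition values are sent as bound parameters. The class `SafeDb`, the column list, the `items` table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
final class SafeDb
{
    // Added example: SafeDb is hypothetical (not the project's iaDb); the column list is an assumption.
    private const ALLOWED_FIELDS = ['id', 'name', 'order'];

    public function __construct(private PDO $pdo, private string $table)
    {
        // The table name is set by code, never by a request; odd names are still rejected.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $table)) {
            throw new InvalidArgumentException('bad table name');
        }
    }

    // Identifiers cannot be bound as parameters, so they are allow-listed and quoted.
    private function ident(string $name): string
    {
        if (!in_array($name, self::ALLOWED_FIELDS, true)) {
            throw new InvalidArgumentException("field not allowed: $name");
        }
        return '"' . $name . '"';
    }

    /** @param string[] $fields  @param array<string, scalar> $where column => value, ANDed */
    public function getAll(array $fields, array $where = []): array
    {
        if ($fields === []) {
            throw new InvalidArgumentException('no fields requested');
        }
        $sql = 'SELECT ' . implode(', ', array_map(fn ($f) => $this->ident($f), $fields))
             . ' FROM "' . $this->table . '"';
        if ($where !== []) {
            $tests = array_map(fn ($c) => $this->ident((string) $c) . ' = ?', array_keys($where));
            $sql .= ' WHERE ' . implode(' AND ', $tests);
        }
        $stmt = $this->pdo->prepare($sql);      // the SQL text contains no request data
        $stmt->execute(array_values($where));   // values travel separately as bound parameters
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE items (id INTEGER, name TEXT, "order" INTEGER)');
$pdo->exec("INSERT INTO items VALUES (1, 'alpha', 10), (2, 'beta', 20)");
$db = new SafeDb($pdo, 'items');

// A value containing quotes is compared as data; it cannot alter the WHERE clause.
var_dump(count($db->getAll(['id', 'name'], ['name' => 'alpha'])));
var_dump(count($db->getAll(['id'], ['name' => "alpha' OR '1'='1"])));
```

A column name outside the allow-list raises `InvalidArgumentException` before any SQL is prepared, which is the check a concatenated `$stmtFields` or `$condition` string cannot provide.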