php-parser
Prestashop sql statements / verify escaping or type cast
Hi,
Hope you are all well!
I wanted to use php-parser to check if my prestashop code is missing some escaping function for any sql statement.
For example, in this commit PrestaShop/PrestaShop@3fa0dfa, you can see that the pSQL and (int) functions are missing.
Is it possible to grep a list of all "Db::getInstance()" and check if the variables are escaped or cast?
Thanks for any insights or inputs on that :-)
Cheers, Luc Michalski
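An added example, not code from the php-parser project, PrestaShop or this post, showing one way to do what the post asks: a php-parser visitor that finds `Db::getInstance()->...()` calls and reports the pieces of the SQL argument that are neither wrapped in `pSQL()` nor cast with `(int)`. It assumes nikic/php-parser v5 installed via Composer; the two sample queries are constructed.

```php
<?php
// Added example (not php-parser's or PrestaShop's code); assumes nikic/php-parser v5 installed via Composer.
require __DIR__ . '/vendor/autoload.php';
use PhpParser\{Node, NodeTraverser, NodeVisitorAbstract, ParserFactory};
use PhpParser\Node\Expr;
use PhpParser\PrettyPrinter\Standard;
final class UnescapedSqlVisitor extends NodeVisitorAbstract
{
    public array $findings = [];
    public function enterNode(Node $node)
    {
        // Only $recv->method(...) where $recv is the static call Db::getInstance() and a first argument exists
        $recv = $node instanceof Expr\MethodCall ? $node->var : null;
        if (!$recv instanceof Expr\StaticCall || !$recv->class instanceof Node\Name
            || $recv->class->toString() !== 'Db' || !$recv->name instanceof Node\Identifier
            || $recv->name->toString() !== 'getInstance' || !($node->args[0] ?? null) instanceof Node\Arg) {
            return null;
        }
        // PrestaShop's Db methods (execute, executeS, getValue, ...) take the SQL string as the first argument
        foreach ($this->unsafeParts($node->args[0]->value) as $part) {
            $this->findings[] = sprintf('line %d: not escaped or cast: %s',
                $part->getStartLine(), (new Standard())->prettyPrintExpr($part));
        }
    }
    /** Walk '.' concatenations and "{$x}" interpolations; return the pieces not wrapped in pSQL() or (int). */
    private function unsafeParts(Expr $e): array
    {
        if ($e instanceof Expr\BinaryOp\Concat) {
            return array_merge($this->unsafeParts($e->left), $this->unsafeParts($e->right));
        }
        if ($e instanceof Node\Scalar\InterpolatedString) {
            return array_merge([], ...array_map(fn ($p) => $p instanceof Expr ? $this->unsafeParts($p) : [], $e->parts));
        }
        $viaPsql = $e instanceof Expr\FuncCall && $e->name instanceof Node\Name
            && strcasecmp($e->name->toString(), 'pSQL') === 0;
        if ($viaPsql || $e instanceof Expr\Cast\Int_ || $e instanceof Node\Scalar || $e instanceof Expr\ConstFetch) {
            return [];  // escaped, cast, string literal or a constant such as _DB_PREFIX_
        }
        return [$e];    // variable, property or other call; a bare $sql means the query was built elsewhere
    }
}
// Constructed sample input: line 2 lacks both protections, line 3 has them.
$code = <<<'PHP'
<?php
Db::getInstance()->executeS('SELECT * FROM ' . _DB_PREFIX_ . 'cart WHERE name = "' . $name . '" AND id = ' . $id);
Db::getInstance()->executeS('SELECT * FROM ' . _DB_PREFIX_ . 'cart WHERE name = "' . pSQL($name) . '" AND id = ' . (int) $id);
PHP;
$visitor = new UnescapedSqlVisitor();
(new NodeTraverser($visitor))->traverse((new ParserFactory())->createForNewestSupportedVersion()->parse($code));
print_r($visitor->findings);   // reports $name and $id from line 2 only
```

A query passed as a bare `$sql` variable is reported too, since it was assembled earlier; following that assignment back to its pieces needs dataflow tracking that this visitor does not do.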