The reason is that the developer did not add the (int) string,
After repair, based on more than a year of observation, The problem has been solved.
But recently we have changed the new style, I am planning to make changes to all relevant code.
E.g:
Changed to$this->request->post['product_id']."'");
Or(int)$this->request->post['product_id']."'");
Changed to$this->request->post
Replace with "post" and "get", add (int) or $this->db->escape() to achieve anti-SQL injection.(int)$this->request->post
This is my advice from a friend, Excuse me, Like this change, can I avoid being SQL injection attacked?
My current version is: OpenCart 2.3.0.2 In the future, I might plan to upgrade to 3.1.x, Can I or need such an operation?