[#.x] - fixes from copilot

niden · niden · commit cff4a1a635ef · 2025-10-08T11:18:49.000-05:00
diff --git a/tests/AbstractUnitTestCase.php b/tests/AbstractUnitTestCase.php
@@ -104,21 +104,20 @@ protected function getFromDatabase(
         string $table,
         array $criteria
     ): array {
-        $sql   = 'SELECT * FROM ' . $table . ' WHERE ';
-        $where = [];
+        $where  = [];
+        $params = [];
         foreach ($criteria as $key => $value) {
-            $val = $value;
-            if (true === is_string($value)) {
-                $val = '"' . $value . '"';
-            }
-
-            $where[] = $key . ' = ' . $val;
+            $param          = ':' . $key;
+            $where[]        = $key . ' = ' . $param;
+            $params[$param] = $value;
         }
-
-        $sql .= implode(' AND ', $where);
-
-        $result  = $this->connection?->query($sql);
-        $records = $result?->fetchAll(PDO::FETCH_ASSOC);
+        $sql = 'SELECT * FROM ' . $table;
+        if (!empty($where)) {
+            $sql .= ' WHERE ' . implode(' AND ', $where);
+        }
+        $stmt = $this->connection?->prepare($sql);
+        $stmt?->execute($params);
+        $records = $stmt?->fetchAll(PDO::FETCH_ASSOC);
 
         return $records;
     }
diff --git a/tests/Fixtures/Domain/Migrations/UsersMigration.php b/tests/Fixtures/Domain/Migrations/UsersMigration.php
@@ -25,16 +25,19 @@ public function insert(
         ?string $username = null,
         ?string $password = null,
     ) {
-        $id  = $id ?: 'null';
-        $sql = <<<SQL
-INSERT INTO {$this->table} ( 
-    usr_id, usr_status_flag, usr_username, usr_password
-) VALUES (
-    $id, $status, '$username', '$password'
-)
-SQL;
-
-        $result = $this->connection->exec($sql);
+        $sql    = "INSERT INTO {$this->table} (
+            usr_id, usr_status_flag, usr_username, usr_password
+        ) VALUES (
+            :id, :status, :username, :password
+        )";
+        $stmt   = $this->connection->prepare($sql);
+        $params = [
+            ':id'       => $id,
+            ':status'   => $status,
+            ':username' => $username,
+            ':password' => $password,
+        ];
+        $result = $stmt->execute($params);
         if (!$result) {
             Assert::fail(
                 "Failed to insert id [#$id] into table [$this->table]"
