Remediation Steps

Follow the steps below to remediate this finding on Joomla.

  1. Use the Joomla Database API to build parameterised queries:

    $db = JFactory::getDbo();
    $query = $db->getQuery(true)
        ->select('*')
        ->from($db->quoteName('users'))
        ->where($db->quoteName('id') . ' = ' . $db->quote($userId));
    $db->setQuery($query);
    $results = $db->loadObjectList();
  2. Use $db->quote() and $db->quoteName() for all values and identifiers.
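
The following is an added example, not code from the original page: a lookup that concatenates request data into SQL beside the same lookups built with the Database API, showing where `quote()`, `quoteName()`, an integer cast and an identifier allow-list each apply. It assumes a Joomla 3.x environment (`JFactory`, `JInput`), the standard `#__users` table, and illustrative request parameter names.

```php
<?php
// Added example (not from the original page). Assumes Joomla 3.x with
// JFactory available, the standard #__users table, and request parameter
// names (id, q, sort) chosen for illustration.
defined('_JEXEC') or die;

// --- Vulnerable: the request value is concatenated straight into SQL ------
function findUserVulnerable($db, $username)
{
    // A crafted username can change the WHERE clause instead of matching it.
    $sql = "SELECT id, username FROM #__users WHERE username = '" . $username . "'";
    $db->setQuery($sql);
    return $db->loadObject();
}

// --- Hardened: integers are cast, identifiers go through quoteName() --------
function findUserById($db, $userId)
{
    $query = $db->getQuery(true)
        ->select($db->quoteName(['id', 'username', 'email']))
        ->from($db->quoteName('#__users'))
        ->where($db->quoteName('id') . ' = ' . (int) $userId); // numeric: cast, no quoting needed
    $db->setQuery($query);
    return $db->loadObject();
}

// --- Hardened: strings go through quote(); a user-chosen sort column is ----
// --- allow-listed because identifiers cannot be passed as values ----------
function findUsersByName($db, $name, $sortColumn)
{
    $allowedSort = ['id', 'username', 'registerDate'];
    if (!in_array($sortColumn, $allowedSort, true)) {
        $sortColumn = 'id'; // unknown column name: fall back to a safe default
    }
    // escape(..., true) also escapes LIKE wildcards so '%' and '_' in the
    // search term are matched literally rather than widening the search.
    $pattern = '%' . $db->escape($name, true) . '%';
    $query = $db->getQuery(true)
        ->select($db->quoteName(['id', 'username']))
        ->from($db->quoteName('#__users'))
        ->where($db->quoteName('username') . ' LIKE ' . $db->quote($pattern, false))
        ->order($db->quoteName($sortColumn) . ' ASC');
    $db->setQuery($query);
    return $db->loadObjectList();
}

$db    = JFactory::getDbo();
$input = JFactory::getApplication()->input;
$user  = findUserById($db, $input->getInt('id'));
$users = findUsersByName($db, $input->getString('q', ''), $input->getCmd('sort', 'id'));
```

`quote($pattern, false)` is used because the pattern was already escaped by `escape()`; calling `quote()` with its default of escaping again would double-escape the backslashes.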