Prestashop Tools::getValue() function does not escape SQL injection?

I read in the PrestaShop forum that the function Tools::getValue() does not escape SQL injection. Now I wonder how I can prevent this function from SQL injection when I want to get a string or int value?

Can somebody show me an example?

Tools::getValue() only retrieves the POST or GET value.

To prevent SQL injection you can use the pSQL() function, or for int values you can do typecasting.

 $int_val = (int)Tools::getValue('someValue');
 $string_val = pSQL(Tools::getValue('someValue'));
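
An added example, not part of the original answer or of PrestaShop's own code, showing the cast and pSQL() inside a complete query and covering the two cases escaping alone does not handle: quoting the escaped string and choosing a sort column. It assumes it runs inside a PrestaShop module or controller where Tools, Db, DbQuery and pSQL() are loaded; the table `example_item`, its columns and the request keys are hypothetical.

```php
<?php
// Added example. Assumes PrestaShop core is loaded; the table
// `example_item`, its columns and the request keys are hypothetical.

function findExampleItems()
{
    // Numeric input: the cast guarantees an integer, so it can be
    // concatenated without quotes.
    $idCategory = (int) Tools::getValue('id_category');

    // Tools::getValue() returns an array for keys sent as name[]=...,
    // so reject anything that is not a plain string before escaping.
    $rawName = Tools::getValue('name', '');
    if (!is_string($rawName)) {
        $rawName = '';
    }

    // pSQL() escapes the value but does not add quotes: the result must
    // still be placed inside '...' in the SQL text. An escaped value used
    // unquoted (for example "id = " . pSQL($x)) remains injectable.
    $name = pSQL($rawName);

    // Column names and sort direction are identifiers, not values;
    // escaping does not protect them. Pick them from a fixed allow-list.
    $sortable = ['name', 'date_add'];
    $orderBy = Tools::getValue('order_by');
    if (!in_array($orderBy, $sortable, true)) {
        $orderBy = 'date_add';
    }
    $orderWay = Tools::getValue('order_way') === 'asc' ? 'ASC' : 'DESC';

    $query = new DbQuery();
    $query->select('id_example_item, name, date_add');
    $query->from('example_item'); // DbQuery prepends _DB_PREFIX_
    $query->where('id_category = ' . $idCategory);
    $query->where("name = '" . $name . "'");
    $query->orderBy('`' . $orderBy . '` ' . $orderWay);
    $query->limit(50);

    return Db::getInstance()->executeS($query);
}
```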