
Wolff: Ridiculously small PHP framework for building web apps - usbac
https://github.com/Usbac/wolff
======
chupa-chups
Is this just to promote PHP?

There's about no code at all in this repo :)

This is a typical source file:
[https://github.com/Usbac/wolff/blob/master/system/definition...](https://github.com/Usbac/wolff/blob/master/system/definitions/Routes.php)

And this is the largest and apparently the only one having more than 3 LOC,
aside from index.php with 7:
[https://github.com/Usbac/wolff/blob/master/system/utilities/...](https://github.com/Usbac/wolff/blob/master/system/utilities/Upload.php)

Nevertheless I upvoted your submission, since if this is sincere, it really
shows how easy it is with PHP to create an MVP.

~~~
usbac
That is because it is the main repo, the core files of the framework are
available in [https://github.com/Usbac/wolff-framework](https://github.com/Usbac/wolff-framework) :) Thanks!

~~~
chupa-chups
This looks way more like an actual framework :)

But why is it prone to SQL injection?

[https://github.com/Usbac/wolff-framework/blob/master/system/...](https://github.com/Usbac/wolff-framework/blob/master/system/core/DB.php) (Line 294)

(This was the first LOC I randomly picked)

Oh well, I better stop looking further.

[https://stackoverflow.com/questions/60174/how-can-i-pr](https://stackoverflow.com/questions/60174/how-can-i-pr)

~~~
usbac
The table names, column names and conditions cannot be bound into the PDO
queries as parameters. The schema functions and fast functions of the DB class
are not supposed to be used with user generated input.

But anyway, I updated the framework and now any character that is not a
letter, number or underscore is removed from the parameters that represent a
table or column name. Also, a warning has been added to those functions'
documentation thanks to your comment.

Thank you :)
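
The identifier-versus-value distinction from the reply above, as an added example that is not part of the thread and is not Wolff's code: values go through PDO bound parameters, while a column name has to be vetted before it is interpolated. `stripIdentifier` and `knownColumn` are hypothetical helpers, and the in-memory SQLite table and inputs are constructed (assumes the `pdo_sqlite` extension).

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not Wolff's API): the filter described in the reply,
// keeping only letters, digits and underscores.
function stripIdentifier(string $name): string
{
    return (string) preg_replace('/[^A-Za-z0-9_]/', '', $name);
}

// Hypothetical helper: accept an identifier only if it is on a fixed list,
// then quote it. Anything else is rejected instead of being rewritten.
function knownColumn(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('unknown column');
    }
    return '"' . $name . '"';
}

// Constructed sample data; assumes the pdo_sqlite extension is loaded.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER, name TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice', 'h1'), (2, 'bob', 'h2')");

$allowed = ['id', 'name'];                          // columns callers may filter on
$inputs  = ['name', 'na"me; --', 'password_hash'];  // constructed inputs

foreach ($inputs as $column) {
    // Stripping always yields a syntactically safe name, but it may be a
    // different column than intended, or one the caller should not reach.
    printf("%-16s stripped: %-14s ", $column, stripIdentifier($column));
    try {
        $quoted = knownColumn($column, $allowed);
        // The value is bound by PDO; only the vetted identifier is
        // interpolated into the SQL text.
        $stmt = $pdo->prepare("SELECT id FROM users WHERE $quoted = :value");
        $stmt->execute([':value' => "alice' OR '1'='1"]);
        printf("allow-list: ok, rows=%d\n", count($stmt->fetchAll()));
    } catch (InvalidArgumentException $e) {
        printf("allow-list: rejected\n");
    }
}
```

Stripping keeps the SQL syntactically intact but still lets a caller name any existing column, which is why the allow-list variant rejects `password_hash` while the character filter passes it through unchanged.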

