From e5ec5fb1d9cbb6835300263ed03a90a7d32eb11a Mon Sep 17 00:00:00 2001
From: D'Ali Ben Macha
Date: Wed, 27 Aug 2025 23:54:56 +0200
Subject: [PATCH] Fix #120: SQL Injection Vulnerability in PostgreSQL Driver
---
 src/Ting/Driver/Pgsql/Driver.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Ting/Driver/Pgsql/Driver.php b/src/Ting/Driver/Pgsql/Driver.php
index 9d4a5670..9aba51da 100755
--- a/src/Ting/Driver/Pgsql/Driver.php
+++ b/src/Ting/Driver/Pgsql/Driver.php
@@ -440,8 +440,8 @@ public function getInsertId()
 */
 public function getInsertedIdForSequence($sequenceName)
 {
- $sql = "SELECT currval('$sequenceName')";
- $resultResource = @pg_query($this->connection, $sql);
+ $sql = "SELECT currval($1)";
+ $resultResource = @pg_query_params($this->connection, $sql, [$sequenceName]);
 if ($resultResource === false) {
 throw new QueryException(pg_last_error($this->connection) . ' (Query: ' . $sql . ')');