On Fri, 18 Jun 2021 at 11:45 am, Guilliam Xavier <guilliam.xav...@gmail.com> wrote:
> IIUC, with the addition of integers, the function will return true for e.g.
> `'SELECT * FROM foo LIMIT ' . (int)$limit` even if $limit doesn't come from
> a "static" value (e.g. random_int() or even `$_GET['limit']`)

Yes, that’s correct. Supporting integers from any source helps with adoption, and we cannot find any security issues (it’s a fairly small change to the RFC, and that prompted the new name, especially as the original is_literal wasn’t perfect).