From 788b02953766ef9f8f5faa3dd12876d2a8276a52 Mon Sep 17 00:00:00 2001
From: Christophe H
 <65390576+christophe-havard-sonarsource@users.noreply.github.com>
Date: Mon, 10 Jan 2022 18:06:46 +0100
Subject: [PATCH] new vuln

---
 phpdoc-demo.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/phpdoc-demo.php b/phpdoc-demo.php
index de16dab..70d2a15 100644
--- a/phpdoc-demo.php
+++ b/phpdoc-demo.php
@@ -18,11 +18,14 @@ public function sqlQuery1(Request $request)
         $username = $statement->fetchColumn();
         return $this->json(['email' => $username]);
     }
-    public function toto()
+    public function newVulnFunction(Request $request)
     {
-        /**
-        * nothing
-        */
+        $userId = $request->get('id');
+        $sql = "SELECT username FROM user WHERE id='$userId'";
+        $statement = $this->connection->prepare($sql);
+        $statement->execute();
+        $username = $statement->fetchColumn();
+        return $this->json(['email' => $username]);
     }
     
 }