From 719496b46e03b3b23d2d75633fc201103791e23f Mon Sep 17 00:00:00 2001
From: cgocast
Date: Fri, 21 Jul 2023 15:27:47 +0200
Subject: [PATCH] #10030 Add PDOStatement::bindValuebindValue() and PDOStatement::bindParam() as sources for TaintedSql
---
 stubs/extensions/pdo.phpstub | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/stubs/extensions/pdo.phpstub b/stubs/extensions/pdo.phpstub
index 039b565e2d7..aec4965477c 100644
--- a/stubs/extensions/pdo.phpstub
+++ b/stubs/extensions/pdo.phpstub
@@ -150,6 +150,16 @@ class PDOStatement implements Traversable
 * @return false|T
 */
 public function fetchObject($class = \stdclass::class, array $ctorArgs = array()) {}
+
+ /**
+ * @psalm-taint-sink sql $value
+ */
+ public function bindValue(string|int $param, mixed $value, int $type = PDO::PARAM_STR): bool {}
+
+ /**
+ * @psalm-taint-sink sql $var
+ */
+ public function bindParam(string|int $param, mixed &$var, int $type = PDO::PARAM_STR, int $maxLength = 0, mixed $driverOptions = null): bool {}
 }
 class PDOException extends RuntimeException {
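Review bot: Marking `$value` in `bindValue()` and `$var` in `bindParam()` as `@psalm-taint-sink sql` treats a bound parameter as if it were SQL text, but binding is the mechanism that keeps untrusted input out of the statement text, so a correctly parameterised query fed from request data would now be reported as TaintedSql. That is likely to produce false positives on the safe pattern and could nudge users back toward string concatenation; the injection-relevant sink is the query string given to the call that prepares the statement, which this hunk does not show. I would add the two signatures without the taint tags, e.g. `public function bindValue(string|int $param, mixed $value, int $type = PDO::PARAM_STR): bool {}` with no `@psalm-taint-sink` line above it, or else state in the docblock why bound values are meant to be flagged. The subject line also calls these "sources" while the annotation used is a sink, and repeats `bindValue` in the method name. The PDOStatement class body starts outside the hunk.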