From 9bd991021abbcbfb19347a07dca8b7e518b8abc9 Mon Sep 17 00:00:00 2001
From: Muhammad Usman
Date: Sat, 16 Nov 2019 12:20:50 +0000
Subject: [PATCH] Security fix for SQL Injection vulnerability
Thanks to https://snyk.io/ for finding the bug.
---
 README.md | 10 +++++-----
 src/Pixie/QueryBuilder/Adapters/BaseAdapter.php | 4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 039b9bc..caba054 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ The syntax is quite similar to Laravel's query builder.
 require 'vendor/autoload.php';
 // Create a connection, once only.
-$config = array(
+$config = [
 'driver' => 'mysql', // Db driver
 'host' => 'localhost',
 'database' => 'your-database',
@@ -29,11 +29,11 @@ $config = array(
 'charset' => 'utf8', // Optional
 'collation' => 'utf8_unicode_ci', // Optional
 'prefix' => 'cb_', // Table prefix, optional
- 'options' => array( // PDO constructor options, optional
+ 'options' => [ // PDO constructor options, optional
 PDO::ATTR_TIMEOUT => 5,
 PDO::ATTR_EMULATE_PREPARES => false,
- ),
- );
+ ],
+ ];
 new \Pixie\Connection('mysql', $config, 'QB');
 ```
@@ -659,4 +659,4 @@ Here are some cases where Query Events can be extremely helpful:
 ___
 If you find any typo then please edit and send a pull request.
-© 2016 [Muhammad Usman](http://usman.it/). Licensed under MIT license.
+© 2020 [Muhammad Usman](http://usman.it/). Licensed under MIT license.
diff --git a/src/Pixie/QueryBuilder/Adapters/BaseAdapter.php b/src/Pixie/QueryBuilder/Adapters/BaseAdapter.php
index 5b1e0a4..d6248c1 100644
--- a/src/Pixie/QueryBuilder/Adapters/BaseAdapter.php
+++ b/src/Pixie/QueryBuilder/Adapters/BaseAdapter.php
@@ -65,8 +65,8 @@ public function select($statements)
 }
 // Limit and offset
- $limit = isset($statements['limit']) ? 'LIMIT ' . $statements['limit'] : '';
- $offset = isset($statements['offset']) ? 'OFFSET ' . $statements['offset'] : '';
+ $limit = isset($statements['limit']) ? 'LIMIT ' . (int) $statements['limit'] : '';
+ $offset = isset($statements['offset']) ? 'OFFSET ' . (int) $statements['offset'] : '';
 // Having
 list($havingCriteria, $havingBindings) = $this->buildCriteriaWithType($statements, 'havings', 'HAVING');
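Review bot: The `(int)` cast on the two added `$limit`/`$offset` lines closes the interpolation hole, but it coerces silently: a non-numeric or float value becomes `0` (yielding `LIMIT 0`, an empty result with no error), and a negative value reaches the database as `LIMIT -1`, which fails there rather than here. Since these values are concatenated into the SQL instead of bound, rejecting bad input at this boundary is clearer than coercing it, e.g. `if (!is_int($statements['limit']) && !ctype_digit((string) $statements['limit'])) { throw new \InvalidArgumentException('limit must be a non-negative integer'); }` applied to both keys before the cast. The reason for the cast is not recorded either; a comment such as `// limit/offset are interpolated, never bound, so they must be forced to int here` above the two lines would stop a later refactor from dropping it. If other query builders in this adapter (update/delete) or the sibling adapters assemble LIMIT the same way, they presumably need the same treatment; that is outside this hunk. The enclosing `select()` method starts before and continues after the hunk.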