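/**
 * Fetch a page of rows from the `picture` table, optionally filtered by column equality.
 *
 * Filter values are bound as positional parameters. Column names and the LIMIT
 * operands cannot be bound through execute() and are placed in the SQL text, so
 * each is constrained before it gets there.
 *
 * @param array $filters Filters passed to the converter, which turns them into a column => value map.
 * @param mixed $count   Maximum number of rows to return; must be a non-negative integer.
 * @param mixed $start   Offset of the first row; must be a non-negative integer.
 *
 * @return mixed Whatever the converter's entityArraysToModels() produces for the fetched rows.
 *
 * @throws \InvalidArgumentException When $count or $start is not a non-negative integer.
 */
public function getAll(array $filters = [], $count = 10, $start = 0)
{
    // $count and $start are untyped and end up inside the SQL string, so a
    // caller forwarding request input could inject through LIMIT. Only
    // validated integers are allowed past this point.
    $nonNegative = ['options' => ['min_range' => 0]];
    $limit = filter_var($count, FILTER_VALIDATE_INT, $nonNegative);
    $offset = filter_var($start, FILTER_VALIDATE_INT, $nonNegative);
    if ($limit === false || $offset === false) {
        throw new \InvalidArgumentException('count and start must be non-negative integers');
    }

    $temp = new Models\Picture();

    // NOTE(review): the keys of $columns are concatenated into the WHERE clause
    // as identifiers; prepared statements do not protect identifiers. This is
    // only safe if filterArrayToSqlColumns() maps filter keys onto a fixed
    // allow-list of Picture columns and drops everything else - confirm in the
    // converter.
    $columns = $this->converter->filterArrayToSqlColumns($filters, $temp);

    $whereClause = '';
    if (!empty($columns)) {
        $conditions = [];
        foreach (array_keys($columns) as $column) {
            $conditions[] = $column . '=?';
        }
        $whereClause = 'WHERE ' . implode(' AND ', $conditions);
    }

    $query = $this->pdo->prepare("SELECT * FROM picture {$whereClause} LIMIT {$offset}, {$limit}");

    // A failed execute() yields an empty result set rather than an error, as before.
    $entities = $query->execute(array_values($columns))
        ? $query->fetchAll(\PDO::FETCH_ASSOC)
        : [];

    return $this->converter->entityArraysToModels($entities, $temp);
}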