Nicholas Robertson

Reputation: 71

Does the Symfony 2 Request object protect against SQL injection?

Does using this class: http://api.symfony.com/2.0/Symfony/Component/HttpFoundation/Request.html

as opposed to $_GET and $_POST protect against SQL injection?

I mostly use findby and findoneby but I do have a general search that I made that I'm worried about.

I'm using $this->getDoctrine()->getManager()->createQuery("query") for the search.

Upvotes: 1

Views: 3508

Answers (1)

DonCallisto

Reputation: 29912

As long as you use Doctrine's built-in methods, or you write your own DQL statement using placeholders and parameters, you will not run into any risk.

Take a look at this page

In your specific case, as you didn't provide a real example, I cannot evaluate it, but I think that you are exposing your database to SQL injection. A solution, as I told you here, is to use the query builder along with placeholders and parameters.

Upvotes: 1
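The following is an added example illustrating the answer above and the asker's `createQuery("query")` search; it is not code from the question, the answer, or the Symfony/Doctrine projects. It assumes a hypothetical `AcmeBundle:Product` entity with a `name` field and a search term read from the `Request` object's `q` query parameter. The first action shows why the `Request` object alone gives no protection (it only wraps `$_GET`, it does not sanitize anything); the other two show the same search written with a bound parameter in DQL and with the QueryBuilder.

```php
<?php
// Added example, not from the original question or answer.
// Assumes a Symfony 2 controller and a hypothetical AcmeBundle:Product
// entity with a "name" field; the search term comes from ?q=... .

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class SearchController extends Controller
{
    // VULNERABLE: Request::query->get() returns the raw $_GET value unchanged,
    // so concatenating it into DQL lets the client rewrite the query.
    // Constructed attack input: q = ' OR 1=1 OR p.name LIKE '
    // which yields ... WHERE p.name LIKE '%' OR 1=1 OR p.name LIKE '%'
    public function unsafeSearchAction(Request $request)
    {
        $term = $request->query->get('q', '');
        $em   = $this->getDoctrine()->getManager();
        $query = $em->createQuery(
            "SELECT p FROM AcmeBundle:Product p WHERE p.name LIKE '%" . $term . "%'"
        );

        return $query->getResult();
    }

    // SAFE: the same DQL with a named placeholder; the value is sent to the
    // database as a bound parameter and can never become part of the query text.
    public function safeDqlSearchAction(Request $request)
    {
        $term = $request->query->get('q', '');
        $em   = $this->getDoctrine()->getManager();
        $query = $em->createQuery(
            'SELECT p FROM AcmeBundle:Product p WHERE p.name LIKE :pattern'
        );
        $query->setParameter('pattern', '%' . $term . '%');

        return $query->getResult();
    }

    // SAFE: the same search through the QueryBuilder, again with a bound parameter.
    // Note: binding prevents injection, but LIKE wildcards (% and _) typed by the
    // user are still interpreted as wildcards; escape them if that matters to you.
    public function safeBuilderSearchAction(Request $request)
    {
        $term = $request->query->get('q', '');
        $qb   = $this->getDoctrine()->getManager()->createQueryBuilder();
        $qb->select('p')
           ->from('AcmeBundle:Product', 'p')
           ->where($qb->expr()->like('p.name', ':pattern'))
           ->setParameter('pattern', '%' . $term . '%');

        return $qb->getQuery()->getResult();
    }

    // SAFE: repository finders such as findBy()/findOneBy() bind their criteria
    // as parameters internally, which is why they are safe with raw request input.
    public function exactSearchAction(Request $request)
    {
        $term = $request->query->get('q', '');

        return $this->getDoctrine()
            ->getRepository('AcmeBundle:Product')
            ->findBy(array('name' => $term));
    }
}
```

The point to take away is that the `Request` object is about reading input, not about making it safe for a query; safety comes from where the value ends up, and a bound parameter is the only place user input should end up in DQL or SQL.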
