Reputation: 71
Does using this class: http://api.symfony.com/2.0/Symfony/Component/HttpFoundation/Request.html
as opposed to $_GET and $_POST protect against SQL injection?
I mostly use findby and findoneby but I do have a general search that I made that I'm worried about.
I'm using $this->getDoctrine()->getManager()->createQuery("query") for the search.
Upvotes: 1
Views: 3508
Reputation: 29912
As long as you use Doctrine's built-in methods or you write your own DQL statement using placeholders and parameters, you will not run into any risk.
Take a look at this page
In your specific case, as you didn't provide a real example, I cannot evaluate it, but I think that you are exposing your database to SQL injection. A solution, as I told you here, is to use the query builder along with placeholders and parameters.
Upvotes: 1
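As an added example (not code from the question or the answer), the contrast the answer draws: the same search written with DQL built by string concatenation, with DQL placeholders and parameters, and with the QueryBuilder. The entity name `AcmeDemoBundle:Product`, its `name` field and the `q` query parameter are assumptions for illustration.

```php
<?php
// Added example, not from the question or answer. Assumes a Symfony 2 controller
// with Doctrine ORM and a hypothetical entity "AcmeDemoBundle:Product" that has a
// "name" field; $em is the EntityManager from $this->getDoctrine()->getManager().
use Symfony\Component\HttpFoundation\Request;

// Unsafe: $term is interpolated straight into the DQL text, so the input is parsed
// as part of the query. Reading it via Request instead of $_GET changes nothing here.
function searchUnsafe($em, Request $request)
{
    $term = $request->query->get('q', '');
    return $em->createQuery(
        "SELECT p FROM AcmeDemoBundle:Product p WHERE p.name LIKE '%" . $term . "%'"
    )->getResult();
}

// Safe: the DQL is a fixed string; the value is bound as a parameter and is never
// parsed as query text, whatever characters it contains.
function searchWithDql($em, Request $request)
{
    $term = $request->query->get('q', '');
    return $em->createQuery(
        'SELECT p FROM AcmeDemoBundle:Product p WHERE p.name LIKE :term'
    )->setParameter('term', '%' . $term . '%')
     ->getResult();
}

// Same guarantee with the QueryBuilder the answer recommends: the structure is
// assembled by the builder, the user value still travels only as a parameter.
function searchWithQueryBuilder($em, Request $request)
{
    $term = $request->query->get('q', '');
    return $em->createQueryBuilder()
        ->select('p')
        ->from('AcmeDemoBundle:Product', 'p')
        ->where('p.name LIKE :term')
        ->setParameter('term', '%' . $term . '%')
        ->getQuery()
        ->getResult();
}
```

Binding the parameter stops injection into the query structure, but a `%` or `_` inside the user's term still acts as a LIKE wildcard; escaping those is a separate, non-security concern if exact matching is wanted.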