whamsicore
Reputation: 8700
Symfony/Doctrine: does model_object->save() filter value? (Prevent SQL injection)
I understand that Doctrine helps against SQL injection attacks. Does the model_object->save() command automatically escape unwanted characters, or do I have to write a custom input filter? Thanks.
Upvotes: 3
Views: 559
Answers (1)
Mihail Dimitrov
Reputation: 574
the exact answer to your question can be found in Doctrine manual implicit-validation.
More info can also be found there: Validator and Data Validation.
Regards.
Upvotes: 1
Related Questions
- Is this Doctrine query SQL injection-proof?
- Does Symfony 2 request object protect against sql injection
- Saving objects with Doctrine - selecting proper table
- Is Doctrine persist() safe from SQL injection?
- Doctrine 1 allowing SQL Injection?
- SQL injection in Symfony/Doctrine
- Doctrine2 security
- Doctrine and SQL Injection
- Is yii model save() method secure?
- Does Zend_DB / Doctrine protect me from SQL injection?