Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
Never Ever2021-10-08 12:28:19
symfony
Never Ever, 2021-10-08 12:28:19

Does expr()->literal() protect against SQL injection?

They make a filter and have doubts about such a decision. Is SQL injection possible? If so, how to solve.

$orStatements = $this->queryBuilder->expr()->orX();
foreach ($result as $value) {
    $orStatements->add(
        $this->queryBuilder->expr()->like('table.column', $this->queryBuilder->expr()->literal('%' . $value . '%'))
    );
}
$this->queryBuilder->andWhere($orStatements);

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
sl0, 2021-10-08
@sl0

https://www.doctrine-project.org/projects/doctrine...
You are NOT safe from SQL injection when using user input with:
Expression API of Doctrine\ORM\QueryBuilder
Concatenating user input into DQL SELECT, UPDATE or DELETE statements or Native SQL.

Similar questions
B
BonBon Slick2018-09-12 21:43:18
How to test a popup with a functional test? 1Reply
E
enigma20302021-11-23 11:08:39
Is it possible to create a migration per entity? 2Reply
D
Dark_Dante2021-11-25 09:19:46
Why is only one Mock object created? 0Reply
J
justdance2014-02-11 12:44:00
How to configure nginx engine (rewrite rule) under Symfony2? 1Reply
G
grabbee2021-11-27 20:16:11
How to make an optional entity in Symfony? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question