DBAL-919: [GH-615] Add sanitization for IN() expressions #2160

Closed
doctrinebot opened this Issue · 3 comments

2 participants

@doctrinebot

Jira issue originally created by user @doctrinebot:

This issue is created automatically through a Github pull request on behalf of dbehrman:

Url: #615

Message:

The current IN() expression is vulnerable to SQL injection and should be sanitized. It should be noted that the default is set to string because this works for all types including numeric values. However, this method can be slow for large lists. A recent test of 8,000 values took about .38 seconds. Numeric values only take about .015 seconds for the same data set.
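The risk described in the report, and the two sanitization strategies it contrasts (bind every value as a string parameter by default, or inline values on a fast numeric path only after strict validation), as an added example. This is not Doctrine's or dbehrman's code: it uses Python's `sqlite3` module as a stand-in for a PDO-backed connection, and the helpers `in_clause`, `in_clause_unsafe`, `run_query`, the `users` table and its rows are all constructed for the demonstration.

```python
import re
import sqlite3
from typing import Any, Sequence

# Column names cannot be bound as parameters, so they are validated as plain
# identifiers instead (constructed rule for this example, not a DBAL API).
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def in_clause_unsafe(column: str, values: Sequence[Any]) -> tuple[str, list]:
    """The vulnerable shape: values are wrapped in quotes but never escaped,
    so a value containing a quote changes the structure of the statement."""
    quoted = ", ".join("'" + str(v) + "'" for v in values)
    return f"{column} IN ({quoted})", []


def in_clause(column: str, values: Sequence[Any], numeric: bool = False) -> tuple[str, list]:
    """Build `column IN (...)` safely, returning (sql_fragment, bound_params).

    Default (numeric=False): one `?` placeholder per value. Every value, of
    any type, reaches the driver as data, never as SQL text. This is the
    "works for all types" default the report describes.

    numeric=True: the faster path the report measures. Values are checked to
    be real integers and inlined as literals; anything else is rejected
    rather than quoted, so no untrusted text is ever concatenated.
    """
    if not IDENTIFIER.match(column):
        raise ValueError(f"refusing to use {column!r} as a column name")
    if not values:
        # `IN ()` is a syntax error on most engines; an always-false clause is
        # the safe equivalent of matching nothing.
        return "1 = 0", []
    if numeric:
        for v in values:
            # bool is a subclass of int in Python; exclude it explicitly.
            if isinstance(v, bool) or not isinstance(v, int):
                raise TypeError(f"numeric IN() list rejected non-integer value: {v!r}")
        return f"{column} IN ({', '.join(str(v) for v in values)})", []
    placeholders = ", ".join("?" for _ in values)
    return f"{column} IN ({placeholders})", list(values)


# Constructed sample data for the in-memory database.
SAMPLE_ROWS = [(1, "alice"), (2, "bob"), (3, "carol")]


def run_query(where: str, params: Sequence[Any]) -> list[tuple]:
    """Run `SELECT ... WHERE <where>` against a fresh in-memory table."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
        conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
        return conn.execute(f"SELECT id, name FROM users WHERE {where}", list(params)).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    hostile = "x') OR ('1'='1"
    print(run_query(*in_clause("name", ["alice", "carol"])))       # two matching rows
    print(run_query(*in_clause("id", [2, 3], numeric=True)))       # two matching rows
    print(run_query(*in_clause("name", [hostile])))                # [] : treated as data
    print(run_query(*in_clause_unsafe("name", [hostile])))         # every row: structure changed
```

The bound-parameter path is the one to keep as the default, exactly as the report argues: it costs a placeholder per value but never lets the list's contents alter the statement. The numeric path only earns its speed-up because the type check happens before anything is inlined; a numeric list that accepts strings "that look like numbers" would reopen the same hole.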

@doctrinebot

Issue was closed with resolution "Won't Fix"

@doctrinebot

Comment created by @doctrinebot:

A related Github Pull-Request [GH-615] was assigned:
doctrine/doctrine2#615

@doctrinebot

Comment created by @doctrinebot:

A related Github Pull-Request [GH-615] was closed:
doctrine/doctrine2#615

@doctrinebot doctrinebot added the Bug label
@beberlei beberlei was assigned by doctrinebot
@doctrinebot doctrinebot closed this