DBAL-919: [GH-615] Add sanitization for IN() expressions #2160

doctrinebot opened this Issue · 3 comments

2 participants


Jira issue originally created by user @doctrinebot:

This issue is created automatically through a Github pull request on behalf of dbehrman:

Url: #615


The current IN() expression is vulnerable to SQL injection and should be sanitized. It should be noted that the default is set to string because this works for all types including numeric values. However, this method can be slow for large lists. A recent test of 8,000 values took about .38 seconds. Numeric values only take about .015 seconds for the same data set.


Issue was closed with resolution "Won't Fix"
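A worked example of the sanitization idea described above, added here and not code from the Doctrine DBAL project or from the pull request: the string default binds every list element through its own placeholder (correct for any value type), while a numeric option validates each element as an integer and inlines it to avoid one bind per element on large lists. The function names `in_expression`, `find_users` and `demo_connection`, the `users` table and its rows are assumptions constructed for this example; it runs against an in-memory SQLite database.

```python
import sqlite3
from typing import Any, Iterable, List, Sequence, Tuple


def _as_sql_int(value: Any) -> str:
    """Return the decimal text of an integer, or raise ValueError.

    str(int(...)) can only yield digits with an optional leading '-', so the
    result is safe to inline in SQL text. Strings are accepted only if int()
    parses them as a whole integer literal; bool is rejected because it is an
    int subclass in Python.
    """
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        raise ValueError(f"numeric IN() list rejects {value!r}")
    return str(int(value))  # int('3abc') raises ValueError


def in_expression(
    column: str, values: Iterable[Any], numeric: bool = False
) -> Tuple[str, List[Any]]:
    """Build a safe "<column> IN (...)" predicate plus its bound parameters.

    Default (string) mode binds every value through a placeholder, which is
    correct for any type. Numeric mode validates each value as an integer and
    inlines it, which avoids one bind per element for large lists.
    """
    # Column names cannot be bound as parameters, so allow-list the identifier.
    if not column.replace("_", "").replace(".", "").isalnum():
        raise ValueError(f"invalid column identifier {column!r}")
    items = list(values)
    if not items:
        # "IN ()" is a syntax error in most dialects; an empty list matches nothing.
        return "1 = 0", []
    if numeric:
        return f"{column} IN ({', '.join(_as_sql_int(v) for v in items)})", []
    placeholders = ", ".join("?" for _ in items)
    return f"{column} IN ({placeholders})", [str(v) for v in items]


def demo_connection() -> sqlite3.Connection:
    """Constructed sample data (not from the issue): an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users (id, name) VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "O'Brien")],
    )
    return conn


def find_users(
    conn: sqlite3.Connection, column: str, values: Sequence[Any], numeric: bool = False
) -> List[Tuple[int, str]]:
    """SELECT rows matching the IN() predicate; in string mode the values never
    enter the SQL text, so quotes or other metacharacters are matched literally."""
    expr, params = in_expression(column, values, numeric)
    sql = f"SELECT id, name FROM users WHERE {expr} ORDER BY id"
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    conn = demo_connection()
    print(find_users(conn, "name", ["bob", "O'Brien"]))    # string mode, quoted via binding
    print(find_users(conn, "id", [3, "1"], numeric=True))  # numeric mode, validated ints inlined
    print(find_users(conn, "name", []))                    # empty list matches nothing
```

Doctrine DBAL itself provides the array parameter types `Connection::PARAM_INT_ARRAY` and `Connection::PARAM_STR_ARRAY` for `executeQuery()`, which expand one placeholder into a bound list and give the same protection without hand-building the predicate; the example above only makes the string-versus-numeric trade-off from the issue visible.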


Comment created by @doctrinebot:

A related Github Pull-Request [GH-615] was assigned:


Comment created by @doctrinebot:

A related Github Pull-Request [GH-615] was closed:

@doctrinebot doctrinebot added the Bug label
@beberlei beberlei was assigned by doctrinebot
@doctrinebot doctrinebot closed this