Hi Gareth,

the method that you showed us has a security problem: SQL injection. You need to
check what kind of parameter the user is sending.



if (!in_array($parameter, array('asc', 'desc'))) {
    // do something
} else {
    // execute the query
}


bye



Augusto Morais

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

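An added example, not code from the original thread, showing the allow-list check above applied to both the sort direction and the sort column, with the value part of the query bound as a placeholder. It runs against an in-memory SQLite table constructed here; the table, column and function names are assumptions for illustration.

```php
<?php
// Added example (not from the original thread): allow-listing ORDER BY
// parameters before they reach a query. The products table, its columns
// and the function names are assumptions for illustration.

const ALLOWED_SORT_COLUMNS = ['name', 'created_at', 'price'];
const ALLOWED_SORT_DIRECTIONS = ['asc', 'desc'];

/**
 * Return a validated sort column, or null if it is not on the allow-list.
 * Identifiers cannot be bound as placeholders, so the only safe option is
 * to compare against a fixed list (strict comparison, no type juggling).
 */
function sortColumn(?string $column): ?string
{
    return in_array($column, ALLOWED_SORT_COLUMNS, true) ? $column : null;
}

/**
 * Return 'asc' or 'desc', or null if the input is anything else.
 * Case is normalised so 'DESC' is accepted; everything else is rejected.
 */
function sortDirection(?string $direction): ?string
{
    $direction = strtolower((string) $direction);
    return in_array($direction, ALLOWED_SORT_DIRECTIONS, true) ? $direction : null;
}

/**
 * Build and run the query. The value (minimum price) goes through a bound
 * parameter; the identifiers (column, direction) are only ever taken from
 * the allow-lists. An invalid sort parameter raises instead of executing.
 */
function findProducts(PDO $pdo, float $minPrice, ?string $column, ?string $direction): array
{
    $col = sortColumn($column);
    $dir = sortDirection($direction);
    if ($col === null || $dir === null) {
        throw new InvalidArgumentException('Invalid sort parameter');
    }
    // $col and $dir are now known-good literals from the allow-lists,
    // so interpolating them into the SQL string is safe.
    $sql = "SELECT name, price FROM products WHERE price >= :min ORDER BY $col $dir";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':min' => $minPrice]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (name TEXT, price REAL, created_at TEXT)');
$insert = $pdo->prepare('INSERT INTO products VALUES (?, ?, ?)');
foreach ([['widget', 9.5, '2024-01-01'], ['gadget', 19.0, '2024-02-01'], ['doohickey', 4.0, '2024-03-01']] as $row) {
    $insert->execute($row);
}

// Good input: products costing at least 5.0, sorted by price descending.
foreach (findProducts($pdo, 5.0, 'price', 'DESC') as $row) {
    echo $row['name'], ' ', $row['price'], PHP_EOL;
}

// Hostile input for the direction parameter: rejected before any SQL is built.
try {
    findProducts($pdo, 5.0, 'price', 'asc; DROP TABLE products');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

The third argument `true` to `in_array` makes the comparison strict, so only the exact strings on the list pass; the same pattern covers any other identifier a user can influence (column, table, direction), which placeholders cannot protect.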