Hi Gareth,
the method that you show us have a security problem: inject sql. You need to check what kind of parameter the user is sending. if (!in_array($parameter, array('asc', 'desc'))) { //do something } else { //execute the query } bye Augusto Morais -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en