consider
$qb->expr()->like($field, $qb->expr()->literal('%' . $word . '%'));
where $word is from user input
Is this safe/secure?
I know using parameter binding would be preferred, but for the sake of
argument, let's say that's not available in this context.... ;-)
--
You received this message because you are subscribed to the Google Groups
"doctrine-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/doctrine-user.
For more options, visit https://groups.google.com/groups/opt_out.
