Doctrine DBAL issue DBAL-919

[GH-615] Add sanitization for IN() expressions

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Security Level: All
    • Labels: None

      Description

      This issue is created automatically through a Github pull request on behalf of dbehrman:

      Url: https://github.com/doctrine/dbal/pull/615

      Message:

      The current IN() expression is vulnerable to SQL injection and should be sanitized. It should be noted that the default is set to string because this works for all types including numeric values. However, this method can be slow for large lists. A recent test of 8,000 values took about .38 seconds. Numeric values only take about .015 seconds for the same data set.
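      The unsafe pattern the pull request describes, beside the parameter-binding form DBAL already offered for list values (an added example, not code from the pull request or the DBAL project; it assumes a DBAL 2.x `Connection`, and the `users` table with `id` and `email` columns is a constructed assumption):

```php
<?php
// Added example, not from the pull request or the DBAL project.
// Assumes a DBAL 2.x Doctrine\DBAL\Connection in $conn and a constructed
// table "users" with columns "id" and "email".

use Doctrine\DBAL\Connection;

// Unsafe: the expression builder's in() interpolates the values verbatim,
// so caller-supplied strings become part of the SQL text. This is the
// pattern the pull request wanted sanitized.
function findByEmailUnsafe(Connection $conn, array $emails): array
{
    $qb = $conn->createQueryBuilder();
    $qb->select('id', 'email')
       ->from('users')
       ->where($qb->expr()->in('email', $emails)); // values are NOT quoted
    return $qb->execute()->fetchAll();
}

// Safe, string default: pass the list as a typed array parameter. DBAL
// expands the single placeholder into one bound parameter per element,
// so the values never enter the SQL text. Works for any value type,
// which matches the "default to string" choice in the description.
function findByEmailSafe(Connection $conn, array $emails): array
{
    return $conn->executeQuery(
        'SELECT id, email FROM users WHERE email IN (?)',
        [$emails],
        [Connection::PARAM_STR_ARRAY]
    )->fetchAll();
}

// Safe, numeric variant: same mechanism with the integer array type,
// the cheaper path the description measured for numeric lists. Each
// element is cast to int first so a non-numeric value cannot slip in.
function findByIdSafe(Connection $conn, array $ids): array
{
    $ids = array_map('intval', $ids);
    return $conn->executeQuery(
        'SELECT id, email FROM users WHERE id IN (?)',
        [$ids],
        [Connection::PARAM_INT_ARRAY]
    )->fetchAll();
}
```

      The typed array parameters are the reason the ticket could be closed as Won't Fix: callers that bind lists this way never need the expression builder to quote for them.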

        Activity

        Doctrine Bot added a comment -

        A related Github Pull-Request [GH-615] was assigned:
        https://github.com/doctrine/doctrine2/pull/615

        Doctrine Bot added a comment -

        A related Github Pull-Request [GH-615] was closed:
        https://github.com/doctrine/doctrine2/pull/615


          People

          • Assignee: Benjamin Eberlei
          • Reporter: Doctrine Bot
          • Votes: 0
          • Watchers: 1

            Dates

            • Created:
              Updated:
              Resolved: