fixing issue #2814

Replaced the code examples for `set()` to show that the value parameter is not escaped and thus could pose an SQL injection vulnerability.

fixing issue #2814
Replaced the code examples for `set()` to show that the value parameter is not escaped and thus could pose an SQL injection vulnerability.
68990405 · Bertold von Dormilich · GitHub · 49bf43bb · 68990405
Commit 68990405 authored Aug 18, 2017 by Bertold von Dormilich Committed by GitHub Aug 18, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

QueryBuilder.php lib/Doctrine/DBAL/Query/QueryBuilder.php +3 -3

No files found.
--- a/lib/Doctrine/DBAL/Query/QueryBuilder.php
+++ b/lib/Doctrine/DBAL/Query/QueryBuilder.php
@@ -540,7 +540,7 @@ class QueryBuilder
     * <code>
     *     $qb = $conn->createQueryBuilder()
     *         ->update('users', 'u')
-     *         ->set('u.password', md5('password'))
+     *         ->set('u.last_login', 'NOW()')
     *         ->where('u.id = ?');
     * </code>
     *
@@ -733,7 +733,7 @@ class QueryBuilder
     * <code>
     *     $qb = $conn->createQueryBuilder()
     *         ->update('users', 'u')
-     *         ->set('u.password', md5('password'))
+     *         ->set('u.last_login', 'NOW()')
     *         ->where('u.id = ?');
     * </code>
     *
@@ -765,7 +765,7 @@ class QueryBuilder
     *     $or->add($qb->expr()->eq('u.id', 2));
     *
     *     $qb->update('users', 'u')
-     *         ->set('u.password', md5('password'))
+     *         ->set('u.last_login', 'NOW()')
     *         ->where($or);
     * </code>
     *