Commit bb27be8c authored by Ujjwal Ojha

Update security.rst

parent 54154dfe
...@@ -74,7 +74,7 @@ example is also a threat to DQL queries. ...@@ -74,7 +74,7 @@ example is also a threat to DQL queries.
// DQL is not safe against arbitrary user-input as well: // DQL is not safe against arbitrary user-input as well:
$dql = "SELECT u FROM User u WHERE u.username = '" . $_GET['username'] . "'"; $dql = "SELECT u FROM User u WHERE u.username = '" . $_GET['username'] . "'";
In this scenario an attacker could still pass a username set to `' OR 1 = 1` and create a valid DQL query. In this scenario an attacker could still pass a username set to ``' OR 1 = 1`` and create a valid DQL query.
Although DQL will make use of quoting functions when literals are used in a DQL statement, allowing Although DQL will make use of quoting functions when literals are used in a DQL statement, allowing
the attacker to modify the DQL statement with valid literals cannot be detected by the DQL parser, it the attacker to modify the DQL statement with valid literals cannot be detected by the DQL parser, it
is your responsibility. is your responsibility.
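Review bot: the payload on line 9 does not produce the clean query the sentence claims given the template on line 8: `' OR 1 = 1` closes the opening quote, but the template still appends its own closing `'`, so the statement becomes `u.username = '' OR 1 = 1'` with a dangling quote, which the DQL parser is likely to reject rather than execute as an `OR 1 = 1` bypass. Either pick a payload that also consumes the trailing quote, e.g. ``' OR 1 = 1 OR u.username = '``, or soften "create a valid DQL query" to say the attacker can reshape the WHERE clause. The move from single to double backticks is correct reStructuredText: a single-backtick span is interpreted text and renders as emphasis, while ``...`` is an inline literal, so the quote and spaces in the payload now survive rendering. While here, the sentence "Although DQL will make use of quoting functions ... it is your responsibility" reads as a run-on; splitting it (e.g. "Although DQL quotes literals used in a DQL statement, an attacker who modifies the statement with valid literals cannot be detected by the DQL parser; preventing this is your responsibility.") would make the warning clearer.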
......