When using Doctrine2’s EntityRepository::findBy() do I still need to escape values I pass in?

Question

0

Asked: May 27, 20262026-05-27T16:58:08+00:00 2026-05-27T16:58:08+00:00

When using Doctrine2’s EntityRepository::findBy() do I still need to escape values I pass in?

0

When using Doctrine2’s EntityRepository::findBy() do I still need to escape values I pass in?

$em->getRepository('User')->findBy(array('name' => $_POST['name']));
                                                   ^ need to escape?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T16:58:09+00:00

Editorial Team

2026-05-27T16:58:09+00:00Added an answer on May 27, 2026 at 4:58 pm

Short answer: no, you don’t.

Long answer: escaping is a low-level database concern which a higher-level ORM like Doctrine abstracts for you. When working with Doctrine, you should only be concerned about querying your Domain Model, not about how that will be translated into the underlying persistence technology (in this case, a SQL query).

Detailed info about Doctrine ORM Security can be found here.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

When using Doctrine2’s EntityRepository::findBy() do I still need to escape values I pass in?

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply