Potential SQL injection with user input detected.
- Rule ID: php_symfony_sql_injection
- Languages: php
- Source: sql_injection.yml
Including unsanitized data, such as user input or request data, in raw SQL queries makes your application vulnerable to SQL injection attacks.
❌ Avoid raw queries, especially those that contain unsanitized user input
$sql = "SELECT * FROM foo WHERE foo.bar > " . $_GET['oops']. " ORDER BY foo.bar ASC";
Instead, consider the following approaches when writing SQL queries
✅ Validate query input or use prepared statement wherever possible
$sql = "SELECT * FROM foo WHERE bar = '" . $conn->quote($_GET['bar']) . "'";
$sql = "SELECT * FROM users WHERE username = :user";
$stmt = $connection->prepare($sql);
$dql = "SELECT * FROM Foo WHERE bar = :bar";
$query = $em->createQuery($dql);
- Doctrine DBAL Security
- Doctrine SQL Query Builder Security
- OWASP SQL injection explained
- OWASP SQL injection prevention cheat sheet
OWASP Top 10
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=php_symfony_sql_injection
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=php_symfony_sql_injection
Ready to take the next step? Learn more about Bearer Cloud.