50 lines
1.5 KiB
PHP
50 lines
1.5 KiB
PHP
|
<?php
|
||
|
|
||
|
class ProductRepository extends ServiceEntityRepository
|
||
|
{
|
||
|
public function test1(int $price): array
|
||
|
{
|
||
|
$conn = $this->getEntityManager()->getConnection();
|
||
|
|
||
|
$sql = "SELECT * FROM product p WHERE p.price > " . $_GET['cur_price']. " ORDER BY p.price ASC";
|
||
|
// ruleid: doctrine-dbal-dangerous-query
|
||
|
$stmt = $conn->prepare($sql);
|
||
|
$stmt->execute(['price' => $price]);
|
||
|
|
||
|
return $stmt->fetchAllAssociative();
|
||
|
}
|
||
|
|
||
|
public function test2(): array
|
||
|
{
|
||
|
$conn = $this->getEntityManager()->getConnection();
|
||
|
|
||
|
// ruleid: doctrine-dbal-dangerous-query
|
||
|
$query = $conn->createQuery("SELECT u FROM User u WHERE u.username = '" . $_GET['username'] . "'");
|
||
|
$data = $query->getResult();
|
||
|
return $data;
|
||
|
}
|
||
|
|
||
|
public function okTest1(int $price): array
|
||
|
{
|
||
|
$conn = $this->getEntityManager()->getConnection();
|
||
|
$sql = "SELECT * FROM users WHERE username = ?";
|
||
|
// ok: doctrine-dbal-dangerous-query
|
||
|
$stmt = $conn->prepare($sql);
|
||
|
$stmt->bindValue(1, $_GET['username']);
|
||
|
$resultSet = $stmt->executeQuery();
|
||
|
return $resultSet;
|
||
|
}
|
||
|
|
||
|
public function okTest2(int $price): array
|
||
|
{
|
||
|
$conn = $this->foobar();
|
||
|
$sql = "SELECT * FROM users WHERE username = ?";
|
||
|
// ok: doctrine-dbal-dangerous-query
|
||
|
$stmt = $conn->prepare($sql);
|
||
|
$stmt->bindValue(1, $_GET['username']);
|
||
|
$resultSet = $stmt->executeQuery();
|
||
|
return $resultSet;
|
||
|
}
|
||
|
|
||
|
}
|