From 20ba9e0d39190773d2c7d1b75b1bd738ca46b7b5 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Mon, 3 Feb 2014 16:35:31 +0100 Subject: [PATCH] Readded small note about parameters --- book/doctrine.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/book/doctrine.rst b/book/doctrine.rst index 420f45d6f6a..1967b2f5d62 100644 --- a/book/doctrine.rst +++ b/book/doctrine.rst @@ -742,6 +742,12 @@ The ``QueryBuilder`` object contains every method necessary to build your query. By calling the ``getQuery()`` method, the query builder returns a normal ``Query`` object, which can be used to get the result of the query. +.. tip:: + + Take note of the ``setParameter()`` method. When working with Doctrine, + it's always a good idea to set any external values as "placeholders" + (``:price`` in the example above) as it prevents SQL injection attacks. + The ``getResult()`` method returns an array of results. To get only one result, you can use ``getSingleResult()`` (which throws exception there is no result) or ``getOneOrNullResult()``::
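Review bot: the last sentence of the added tip ("as it prevents SQL injection attacks") overstates what ``setParameter()`` gives you: binding protects only the values you pass through ``setParameter()``, not anything still concatenated into the DQL string (a field name, a sort direction, a user-supplied WHERE fragment), so a reader may conclude that using the query builder is safe by itself. Suggest stating the rule as the contrast it is, e.g. "never concatenate external values into the query string; pass them with ``setParameter()`` instead, which is what stops SQL injection", and using "parameters" (as in the commit subject and the Doctrine API) rather than "placeholders" in quotes. Since the hunk already touches this paragraph, the trailing context line "which throws exception there is no result" could be fixed to "which throws an exception if there is no result" in the same change.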