Fix #67
When using user' input in SQL queries, it's recommended to use parameters in prepared queries to avoid SQL Injections. The issue reported in ticket #67 is a typical SQL inject, in which it would have been super easy for an attacker to query kbin' DB.
SearchRepository.php is the only file I checked, so I don't know if this kind of issues also exists elsewhere, but it would be good to perform a review as kbin is growing and security will be a concern for many.
Fix #67
When using user' input in SQL queries, it's recommended [to use parameters in prepared queries](https://www.doctrine-project.org/projects/doctrine-dbal/en/current/reference/data-retrieval-and-manipulation.html#dynamic-parameters-and-prepared-statements) to avoid SQL Injections. The issue reported in ticket #67 is a typical SQL inject, in which it would have been super easy for an attacker to query kbin' DB.
SearchRepository.php is the only file I checked, so I don't know if this kind of issues also exists elsewhere, but it would be good to perform a review as kbin is growing and security will be a concern for many.