You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+16Lines changed: 16 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -286,3 +286,19 @@ class Floor extends FunctionNode implements TypedExpression
286
286
}
287
287
288
288
```
289
+
290
+
## Literal strings
291
+
292
+
Stub files in phpstan-doctrine come with many parameters marked with `literal-string`. This is a security-focused type that only allows literal strings written in code to be passed into these parameters.
293
+
294
+
This reduces risk of SQL injection because dynamic strings from user input are not accepted in place of `literal-string`.
295
+
296
+
An example where this type is used is `$sql` parameter in `Doctrine\Dbal\Connection::executeQuery()`.
297
+
298
+
To enable this advanced type in phpstan-doctrine, use this configuration parameter:
0 commit comments