dudapiotr / ZfTable

*Not supported* ZfTable 3.1. Awesome ZF2 table / grid (and much much more) generator with huge possibilities of decorating and conditioning. Integrated with DataTables, Doctrine 2, Bootstrap 2.0 and 3.0.
http://dudapiotrek.laohost.net/
MIT License

Security issue on ZFTable - SQL Injection #14

Closed julillosamaral closed 10 years ago

julillosamaral commented 10 years ago

There is a SQL injection on ZfTable for Doctrine; I didn't test the problem when Zend table is used.

The problem originates in the usage of filters in ZfTable/src/ZfTable/Example/TableExample/Doctrine.php at $query->where("q.name like '%".$value."%' ");. There $value could be a malicious string which causes the sql injection.

To do the correct query it should be like in http://docs.doctrine-project.org/en/2.0.x/reference/query-builder.html, using the query builder of Doctrine and creating the correct query expression for the where, or using a parametrised query.

If I have some time I will try to fix the problem and make a pull request.
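The reported pattern next to its parameterised replacement, as an added example that is not ZfTable's own code or the reporter's fix. It assumes Doctrine ORM is installed via Composer, that an entity class `App\Entity\Item` with a `name` field exists, and that `$em` is an already configured `EntityManager`; the entity name and the function names are placeholders.

```php
<?php
// Added example, not ZfTable's own code. Assumes Doctrine ORM via Composer,
// an entity App\Entity\Item with a "name" field, and a configured $em.
declare(strict_types=1);

use Doctrine\ORM\EntityManager;
use Doctrine\ORM\QueryBuilder;

// Vulnerable form, equivalent to the line quoted in the issue: the user value
// is spliced into the DQL string, so a single quote inside it terminates the
// literal and the rest of the value is parsed as part of the query.
function filterByNameUnsafe(EntityManager $em, string $value): QueryBuilder
{
    return $em->createQueryBuilder()
        ->select('q')
        ->from(App\Entity\Item::class, 'q')
        ->where("q.name LIKE '%" . $value . "%'");
}

// Escapes LIKE metacharacters so a user value such as "50%" matches literally.
// Backslash is MySQL's default LIKE escape character; on other platforms add
// an ESCAPE clause, or drop this step if user-supplied wildcards are intended.
function escapeLike(string $value): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $value);
}

// Hardened form: the DQL contains only a named placeholder, and the value is
// bound with setParameter(), so it can never be interpreted as query syntax.
function filterByNameSafe(EntityManager $em, string $value): QueryBuilder
{
    return $em->createQueryBuilder()
        ->select('q')
        ->from(App\Entity\Item::class, 'q')
        ->where('q.name LIKE :name')
        ->setParameter('name', '%' . escapeLike($value) . '%');
}

// Constructed input for comparison: the quote ends the literal in the unsafe
// DQL, while the safe DQL is identical no matter what the value contains.
$value = "x' OR 1=1 OR q.name LIKE '";
echo filterByNameUnsafe($em, $value)->getDQL(), PHP_EOL;
echo filterByNameSafe($em, $value)->getDQL(), PHP_EOL;
```

Comparing the two `getDQL()` outputs is a quick regression check: only the placeholder form keeps the query text independent of the filter value.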