Hi,
I have 3 search inputs that run queries against the database, and I return the data obtained. So a malicious user can circumvent my system and get other information.
Looking at the way I let the user interact with my system, how could I prevent them from attacking it?
$numero = $request->getParameter('campoPesquisaNumero');
$ano    = $request->getParameter('campoPesquisaAno');
$ementa = $request->getParameter('campoPesquisaEmenta');
if ($numero !== '' || $ano !== '' || $ementa !== '')
{
    $pesquisar = Doctrine::getTable('tblicitacoes')
        ->createQuery('l')
        ->select('l.*')
        ->where('l.numero LIKE \'%' . $numero . '%\' AND l.ano LIKE \'%' . $ano . '%\' AND l.ementa LIKE \'%' . $ementa . '%\' ')
        ->andWhere('l.publicar = 1 OR l.publicar = "Y"')
        ->orderBy('l.licitacoes_data DESC')
        ->execute();
}
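The problem in the snippet above is that the three request parameters are concatenated straight into the DQL string, so anything the user types becomes part of the query itself. The fix is to keep the query text fixed and pass the values as bound parameters, which Doctrine 1 supports through the second argument of `where()` / `andWhere()`. The following is an added example, not the asker's code; it assumes symfony 1.x with Doctrine 1.x (the `Doctrine::getTable()`, `createQuery()`, `$request->getParameter()` calls seen in the post) and a MySQL backend, whose `LIKE` treats backslash as the escape character by default. The function names `escapeLikePattern` and `buildSearchQuery` are my own.

```php
<?php
// Added example (not from the original post). Assumes symfony 1.x + Doctrine 1.x
// and a MySQL backend where backslash is the default LIKE escape character.

/**
 * Make user input match literally inside a LIKE pattern.
 * Binding alone stops injection; this additionally stops '%' and '_' in the
 * input from acting as wildcards and matching rows the user did not search for.
 */
function escapeLikePattern($value)
{
    return str_replace(
        array('\\', '%', '_'),
        array('\\\\', '\\%', '\\_'),
        $value
    );
}

/**
 * Build the search query with every user value passed as a bound parameter.
 * Conditions are only added for fields that were actually filled in, so the
 * query no longer needs the "LIKE '%%'" trick for empty inputs.
 */
function buildSearchQuery($numero, $ano, $ementa)
{
    $q = Doctrine::getTable('tblicitacoes')
        ->createQuery('l')
        ->select('l.*')
        ->andWhere('l.publicar = 1 OR l.publicar = "Y"')
        ->orderBy('l.licitacoes_data DESC');

    // The DQL text stays constant; the value goes in through '?' binding,
    // so it can never change the structure of the statement.
    if ($numero !== '') {
        $q->andWhere('l.numero LIKE ?', '%' . escapeLikePattern($numero) . '%');
    }
    if ($ano !== '') {
        $q->andWhere('l.ano LIKE ?', '%' . escapeLikePattern($ano) . '%');
    }
    if ($ementa !== '') {
        $q->andWhere('l.ementa LIKE ?', '%' . escapeLikePattern($ementa) . '%');
    }

    return $q;
}

// Call site inside the action: read the parameters with an explicit default so
// a missing field is '' rather than null, then run the bound query.
$numero = (string) $request->getParameter('campoPesquisaNumero', '');
$ano    = (string) $request->getParameter('campoPesquisaAno', '');
$ementa = (string) $request->getParameter('campoPesquisaEmenta', '');

if ($numero !== '' || $ano !== '' || $ementa !== '') {
    $pesquisar = buildSearchQuery($numero, $ano, $ementa)->execute();
}
```

With the values bound, a search term containing a quote or an `OR` clause is just text to be matched, not query syntax; the `publicar` filter that restricts results to published rows can no longer be bypassed by input in the other three fields. The `escapeLikePattern` step is independent of injection and is there so that a search for `_` or `%` does not silently turn into "match everything"; if your DBMS is not MySQL, check which escape character its `LIKE` uses before relying on the backslash.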