The Doctrine library operates very close to your database and therefore has to handle, and make assumptions about, SQL injection vulnerabilities.
It is vital that you understand how Doctrine approaches security because we cannot protect you from SQL injection.
Please read the documentation chapter on Security in Doctrine DBAL to understand the assumptions we make.
If you find a security bug in Doctrine, please follow our Security reporting guidelines.
Security vulnerabilities should be reported to security@doctrine-project.org and not posted on the GitHub issue tracker of the project.