I am writing a console application in symfony, and I need to ensure that SQL scripts are not executed and not processed in any way, but simply written to a file as strings.

Some scripts, where there are no inside the particles 'id', 'user' and so on, work correctly, but as they appear, the script exits another at the output.

Commands to the terminal are sent like this:

php app.php script:add <script>

Where <script> is my script, written in double quotes.

It is necessary to screen or isolate the script so that it does not change.

  • in single quotes does not fit? just in double you need to screen a lot of things. - duhon
  • On symfony, it's better to run bin/console script:add --sql="<script>" , and not php app.php script:add "<script>" . Write an example that breaks the application, because it is not so visible that it is not shielded. - luchaninov

0