The Doctrine library is operating very close to your database and as such needs to handle and make assumptions about SQL injection vulnerabilities.
It is vital that you understand how Doctrine approaches security, because we cannot protect you from SQL injection.
Please read the documentation chapter on Security in Doctrine DBAL and ORM to understand the assumptions we make.
If you find a Security bug in Doctrine, please follow our Security reporting guidelines.