Update README

phpstan · Aug 5, 2024 · 0c7771b · 0c7771b
1 parent f7b533d
commit 0c7771b
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -286,3 +286,19 @@ class Floor extends FunctionNode implements TypedExpression
 }
 
 ```
+
+## Literal strings
+
+Stub files in phpstan-doctrine come with many parameters marked with `literal-string`. This is a security-focused type that only allows literal strings written in code to be passed into these parameters.
+
+This reduces risk of SQL injection because dynamic strings from user input are not accepted in place of `literal-string`.
+
+An example where this type is used is `$sql` parameter in `Doctrine\Dbal\Connection::executeQuery()`.
+
+To enable this advanced type in phpstan-doctrine, use this configuration parameter:
+
+```neon
+parameters:
+	doctrine:
+		literalString: true
+```