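```php
// $conn is a Doctrine\DBAL\Connection instance.
$value = "O'Reilly";
// quote() escapes the value and wraps it in quotes so it is safe as an SQL string literal.
$quotedValue = $conn->quote($value);
$query = "SELECT * FROM books WHERE author = $quotedValue";
$result = $conn->query($query);
```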
```php
// Untrusted input taken from the HTTP request.
$id = $_GET['id'];
$quotedId = $conn->quote($id);
$query = "SELECT * FROM users WHERE id = $quotedId";
$result = $conn->query($query);
```

In this example, the `$id` variable is read from an HTTP request parameter and should be validated before being used in an SQL query. The `quote()` method is called on the `$conn` object to escape the value, and the result is stored in `$quotedId`. The `$quotedId` variable is then used in the SQL query to avoid SQL injection attacks. The `quote()` method belongs to the `Doctrine\DBAL\Connection` class, which is part of the Doctrine DBAL library.
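The validation step mentioned above, combined with a bound parameter instead of `quote()`, as an added example that is not code from the original page. It assumes doctrine/dbal 3.x or later installed via Composer, PHP 8 with the pdo_sqlite extension, and a hypothetical helper `findUserById()`; the table, rows and request values are constructed.

```php
<?php
// Added example, not from the original page. Assumes doctrine/dbal (3.x or later)
// via Composer and the pdo_sqlite extension. Table and rows are constructed.
require 'vendor/autoload.php';

use Doctrine\DBAL\Connection;
use Doctrine\DBAL\DriverManager;
use Doctrine\DBAL\ParameterType;

// Hypothetical helper: validate the raw request value, then bind it as a typed parameter.
function findUserById(Connection $conn, mixed $rawId): ?array
{
    // Validation: accept only a positive integer. Arrays (e.g. ?id[]=2), empty
    // strings and anything with trailing text all fail here, before any SQL runs.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Binding: the value is passed separately from the SQL text, so it cannot
    // change the structure of the statement.
    $row = $conn->executeQuery(
        'SELECT id, name FROM users WHERE id = ?',
        [$id],
        [ParameterType::INTEGER]
    )->fetchAssociative();

    return $row === false ? null : $row;
}

// In-memory SQLite database so the example runs offline.
$conn = DriverManager::getConnection(['driver' => 'pdo_sqlite', 'memory' => true]);
$conn->executeStatement('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$conn->executeStatement("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed inputs standing in for $_GET['id'].
foreach (['2', '2 OR 1=1', 'abc', '', ['2'], '99'] as $raw) {
    $row = findUserById($conn, $raw);
    printf(
        "%-12s => %s\n",
        json_encode($raw),
        $row === null ? 'rejected or not found' : $row['name']
    );
}
```

Only the first input returns a row; the malformed values are rejected by the validation step and never reach the database.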