1
votes

Does using this class: http://api.symfony.com/2.0/Symfony/Component/HttpFoundation/Request.html

as opposed to $_GET and $_POST protect against SQL injection?

I mostly use findby and findoneby but I do have a general search that I made that I'm worried about.

I'm using $this->getDoctrine()->getManager()->createQuery("query") for the search.


1 Answer

1
votes

As long as you use Doctrine's built-in methods or you write your own DQL statement using placeholders and parameters, you will not run into any risk.

Take a look at this page

In your specific case, as you didn't provide a real example, I cannot evaluate, but I think that you are exposing your database to SQL injection. A solution, as I told you here, is to use the query builder along with placeholders and parameters.
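As an added illustration of the point made in this answer (example code, not from the thread or from Symfony/Doctrine): the risky string-built createQuery() beside the parameterised DQL and QueryBuilder forms. It assumes a Doctrine ORM 2.x EntityManager and a hypothetical entity AppBundle:Product with a name field; those names are placeholders.

```php
<?php
// Added example, not code from the original thread. Assumes a Doctrine ORM
// 2.x EntityManager ($em) and a hypothetical entity "AppBundle:Product" with
// a "name" field; entity and field names are placeholders.
use Doctrine\ORM\EntityManager;
use Symfony\Component\HttpFoundation\Request;

// RISKY: Request only wraps $_GET/$_POST, it does not escape anything, so
// concatenating the raw value into the DQL string is still an injection point.
function searchUnsafe(EntityManager $em, Request $request)
{
    $term = $request->query->get('q', '');
    $dql  = "SELECT p FROM AppBundle:Product p WHERE p.name LIKE '%" . $term . "%'";
    return $em->createQuery($dql)->getResult();
}

// SAFE: the user value never becomes part of the DQL text; it is bound as a
// parameter, which the driver sends to the database separately from the query.
function searchSafeDql(EntityManager $em, Request $request)
{
    $term = $request->query->get('q', '');
    $dql  = 'SELECT p FROM AppBundle:Product p WHERE p.name LIKE :term';
    return $em->createQuery($dql)
        ->setParameter('term', '%' . $term . '%')
        ->getResult();
}

// SAFE, QueryBuilder form (what the answer recommends): same placeholder idea,
// with the query assembled by the builder instead of by string concatenation.
function searchSafeQb(EntityManager $em, Request $request)
{
    $term = $request->query->get('q', '');
    return $em->createQueryBuilder()
        ->select('p')
        ->from('AppBundle:Product', 'p')
        ->where('p.name LIKE :term')
        ->setParameter('term', '%' . $term . '%')
        ->getQuery()
        ->getResult();
}

// Caveat: a bound parameter stops injection but not LIKE wildcards; a user
// supplying '%' or '_' still widens the match. Escape those characters in
// $term if the search must treat them literally.
```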