update readme

l3pp4rd · l3pp4rd · commit 26856a662b17 · 2015-08-11T13:50:59.000+03:00
diff --git a/README.md b/README.md
@@ -228,6 +228,10 @@ refer to direct values, so the where statement does not need to be modified. But
 use custom options. In that case we need an `applyFilter` option to be set as a callable so the QueryBuilder could be modified
 accordingly based on our custom options.
 
+**NOTE:** if you manage custom filtering, be sure to use parameters or use `$qb->expr()->literal("string")` to prevent
+SQL injections. Also if you have custom filter handler, you must manage all your filters, the default handler will not
+be active.
+
 So how the view has changed:
 
 ``` twig
