When using Doctrine2's EntityRepository::findBy()
do I still need to escape values I pass in?
$em->getRepository('User')->findBy(array('name' => $_POST['name']));
^ need to escape?
Short answer: no, you don't.
Long answer: escaping is a low-level database concern which a higher-level ORM like Doctrine abstracts for you. When working with Doctrine, you should only be concerned about querying your Domain Model, not about how that will be translated into the underlying persistence technology (in this case, a SQL query).
Detailed info about Doctrine ORM Security can be found here.