I am using the insert() function from Zend_Db_Table_Abstract.
The data being inserted is user input, so naturally I am curious if ZF does the data cleansing for me, or if I should do it myself before I call the insert() function.
When you need to use quoting (quote(), quoteInto()) with Zend_Db_Table: insert (no), update (yes), delete (yes). Use quotes with Zend_Db_Table_Select (usually not); make sure you examine the output of the query.
Here's a great answer from one of the authors of Zend_Db (avoiding MySQL injections with the Zend_Db class).
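The distinction in that answer, as an added example (not code from the question, the answer, or Zend Framework itself): it assumes a ZF1 table class `Users` over a `users` table with columns `id`, `email`, `name`, and a default adapter already configured with `Zend_Db_Table::setDefaultAdapter()`.

```php
<?php
// Added example, not from the original page. Assumes a Zend Framework 1
// table class "Users" (columns id, email, name) and a default adapter
// configured via Zend_Db_Table::setDefaultAdapter().
class Users extends Zend_Db_Table_Abstract
{
    protected $_name = 'users';
}

$table   = new Users();
$adapter = $table->getAdapter();

// Untrusted input, as it might arrive from a form.
$email = $_POST['email'];
$name  = $_POST['name'];

// insert(): column values are passed as an array and bound as
// parameters by the adapter, so no quoting by hand is needed here.
// Validation (e.g. Zend_Validate_EmailAddress) is still your job.
$id = $table->insert(array(
    'email' => $email,
    'name'  => $name,
));

// update()/delete(): the data array is bound, but the WHERE clause is a
// raw SQL string. Do not build it by concatenating input:
//   $where = "email = '" . $email . "'";   // injectable
// Use quoteInto() so the value is escaped for the current adapter:
$where = $adapter->quoteInto('email = ?', $email);
$table->update(array('name' => $name), $where);

// Several conditions: quote each one and pass them as an array (ANDed).
$table->delete(array(
    $adapter->quoteInto('id = ?', $id),
    $adapter->quoteInto('name = ?', $name),
));

// Zend_Db_Table_Select: where() with a placeholder quotes the value for
// you, so manual quoting is usually not needed. Print the generated SQL
// when unsure, as the answer recommends.
$select = $table->select()->where('email = ?', $email);
echo $select->__toString(), "\n";
$row = $table->fetchRow($select);
```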