Is it possible for to sql inject a ZEND_DB_TABLE_ABSTRACT method? like for example $this->insert();

Question

0

Editorial Team

Asked: May 30, 20262026-05-30T09:08:17+00:00 2026-05-30T09:08:17+00:00

Is it possible for to sql inject a ZEND_DB_TABLE_ABSTRACT method? like for example $this->insert();

0

Is it possible for to sql inject a ZEND_DB_TABLE_ABSTRACT method?

like for example

 $this->insert();

edit for a more clearer explanation

Post values are :

'username' = 'admin';

'password' = '1;Drop table users;'

Here is the insert statement in the controller:

public function InsertAction() {
    $postValues =   $this->_request->getPost();
    $usersTable = new Application_Models_DbTable_Users();
    $username = $postValues['username'];
    $password = $postValues['password'];
    $data = array('username'=>$username,'password'=>$password);
    $users->insert($data);
}

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-30T09:08:19+00:00

Editorial Team

2026-05-30T09:08:19+00:00Added an answer on May 30, 2026 at 9:08 am

Yes, it is possible, but in the usual uses of insert() it’s not probable. Unless you are using Zend_Db_Expr, you should be safe, because insert() uses prepared statements.

See this post from Bill Karwin for other methods and details.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Is it possible for to sql inject a ZEND_DB_TABLE_ABSTRACT method? like for example $this->insert();

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply