
Is the Zend_Db_Table_Abstract->insert() function safe?

I am using the insert() function from Zend_Db_Table_Abstract.

The data being inserted is user input, so naturally I am curious if ZF does the data cleansing for me, or if I should do it myself before I call the insert() function.


When you need to use quoting (quote(), quoteInto()) with Zend_Db_Table:

  • insert (no)
  • update (yes)
  • delete (yes)
  • querying with SQL using the adapter directly (yes).

Use quotes with Zend_Db_Table_Select (usually not); make sure you examine the output of the query.

Here's a great answer from one of the authors of Zend_Db (avoiding MySQL injections with the Zend_Db class).
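As an added illustration of the list above (not code from either answer or from Zend Framework itself), here is a Zend Framework 1 table class showing where the two answers' distinction lies: insert() sends values as bound parameters, while the WHERE string for update() and delete() is raw SQL and needs quoteInto(). The table name, column names and method names are assumed for the example.

```php
<?php
// Added example; assumes a `users` table (id, email, display_name) and a
// default adapter already set with Zend_Db_Table_Abstract::setDefaultAdapter().
require_once 'Zend/Db/Table/Abstract.php';

class Users extends Zend_Db_Table_Abstract
{
    protected $_name    = 'users';
    protected $_primary = 'id';

    // insert(): every value in $data is sent as a bound parameter, so the
    // strings need no quote()/quoteInto(). The array KEYS are column names,
    // not values: choose them yourself rather than passing $_POST wholesale,
    // otherwise the user decides which columns get written.
    public function register(array $input)
    {
        $data = array(
            'email'        => (string) $input['email'],
            'display_name' => (string) $input['display_name'],
        );
        return $this->insert($data); // returns the new primary key
    }

    // update(): the $where argument is inserted into the SQL as-is, so a
    // user-supplied id must be quoted for this adapter via quoteInto().
    public function rename($id, $newName)
    {
        $where = $this->getAdapter()->quoteInto('id = ?', (int) $id);
        return $this->update(array('display_name' => (string) $newName), $where);
    }

    // delete(): same rule. Concatenating $email into the string would let a
    // crafted value rewrite the WHERE condition; quoteInto() escapes and
    // quotes it so it can only ever be compared as a literal.
    public function removeByEmail($email)
    {
        // Unsafe: $where = "email = '" . $email . "'";
        $where = $this->getAdapter()->quoteInto('email = ?', (string) $email);
        return $this->delete($where);
    }
}

// One more caveat: a Zend_Db_Expr value is emitted verbatim, not bound,
// so it is only for SQL you wrote, never for user input:
//   $users->insert(array('created' => new Zend_Db_Expr('NOW()')));    // fine
//   $users->insert(array('created' => new Zend_Db_Expr($userInput))); // injectable
```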


The Zend_Db insertion method sanitizes the parameters sent.

