Is the Zend_Db_Table_Abstract->insert() function safe?

I am using the insert() function from Zend_Db_Table_Abstract.

The data being inserted is user input, so naturally I am curious if ZF does the data cleansing for me, or if I should d开发者_开发百科o it myself before I call the insert() function.

When you need to use quoting (quote(), quoteInto()) with Zend_Db_Table:

• insert (no)
• update (yes)
• delete (yes)
• querying with SQL using the adapter directly (yes).

Use quotes with Zend_Db_Table_Select (usually not); make sure you examine the output of the query.

Here's a great answer from one of the authors of Zend_Db (avoiding MySQL injections with the Zend_Db class).

The Zend_Db insertion method sanitizes the parameters sent.