Automatic quoting MySQL queries doubts in Zend Framework
I've got a few doubts regarding quoting MySQL queries in Zend Framework. Though this question has helped me a bit, a few things are still confusing:
1) $table is Zend_Db_Table. Trying to fetch a row from the table.
$where[] = $db->quoteInto('id = ?', $id);
$where[] = $db->quoteInto('user_id = ?', $user_id);
$row = $table->fetchRow($where);
Do I need to use quoteInto here or would it be automatically quoted in fetchRow? What'd be the better way for this kind of query? Could 2 of the quoteInto be merged into one, if required at all?
2) $table is Zend_Db_Table. Trying to save a row in the table.
$tablerow = $table->createRow();
$rowdata = array('id' => $id, 'user_id' => $user_id);
$tablerow->setFromArray($rowdata);
$ret = $tablerow->save();
Do I need to use some sort of quote function here?
3) $table is Zend_Db_Table. Trying to update a row in the table.
$row = $table->fetchRow($where);
$row->name = $name;
$row->save();
Do I need to quote $name in second step?
4) General query
A)
$sql = "SELECT * FROM users where id=? and name=?";
$results = $db->fetchAll($sql, array($id, $name));
Do I need to quote here?
B)
$sql = "SELECT * FROM users where id=? and name=?";
$stmt = $db->query($sql, array($id, $name));
$result = $stmt->fetchAll();
Do I need to quote here?
C) Which of A or B is better for a general query?
Regardless of the answer, I think it might be useful to write some tests so you can be certain it's doing what you want it to do. Set up a test database and create some unit tests with PHPUnit or whatever test framework you like.
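One way to write the kind of test suggested above, as an added example that is not part of the original posts: a plain PHP script that runs each of the four patterns from the question with a value containing a quote character and checks that the value is treated as data. It assumes Zend Framework 1 is on the include_path and pdo_sqlite is loaded; the in-memory SQLite database (instead of MySQL), the name column, the check() helper and the sample values are constructed for the example.

```php
<?php
// Added example: assumes Zend Framework 1 on the include_path and pdo_sqlite.
// An in-memory SQLite database stands in for the MySQL test database.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, user_id INTEGER, name TEXT)');
$table = new Zend_Db_Table(array('db' => $db, 'name' => 'users'));

// Constructed hostile value: it would alter the query if concatenated unescaped.
$evil = "x' OR '1'='1";

// Hypothetical helper: print the result and stop on the first failure.
function check($ok, $label) {
    echo ($ok ? 'PASS' : 'FAIL') . "  $label\n";
    if (!$ok) { exit(1); }
}

// Case 2: createRow()/setFromArray()/save() with raw, unquoted values.
$table->createRow()->setFromArray(array('id' => 1, 'user_id' => 7, 'name' => 'alice'))->save();
$table->createRow()->setFromArray(array('id' => 2, 'user_id' => 8, 'name' => $evil))->save();
check($db->fetchOne('SELECT COUNT(*) FROM users') == 2, 'save() inserted exactly two rows');
check($db->fetchOne('SELECT name FROM users WHERE id = 2') === $evil, 'save() stored the value literally');

// Case 1: quoteInto() fragments passed to fetchRow().
$where = array($db->quoteInto('id = ?', 2), $db->quoteInto('name = ?', $evil));
$row = $table->fetchRow($where);
check($row !== null && (int) $row->id === 2, 'quoteInto() + fetchRow() matched row 2');

// Case 3: assigning a raw value to a row property, then save() (UPDATE).
$row->name = $evil . ' updated';
$row->save();
check($db->fetchOne('SELECT name FROM users WHERE id = 2') === $evil . ' updated', 'update stored the value literally');
check($db->fetchOne('SELECT name FROM users WHERE id = 1') === 'alice', 'update left row 1 untouched');

// Case 4 A and B: positional placeholders with bound parameters.
$sql = 'SELECT * FROM users WHERE id = ? AND name = ?';
$a = $db->fetchAll($sql, array(1, $evil));
$b = $db->query($sql, array(1, $evil))->fetchAll();
check(count($a) === 0 && count($b) === 0, 'bound parameters did not match row 1');
```

Run it from the command line with php; it exits non-zero on the first failed check, so it can also gate a build.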