开发者

Automatic quoting MySQL queries doubts in Zend Framework

I've got few doubts regarding quoting mysql queries in Zend framework. Though this question has helped me a bit but few things are still confusing:

1) $table is Zend_Db_Table. Trying to fetch a row from the table.

$where[] = $db->quoteInto('id = ?', $id);
$where[] = $db->quoteInto('user_id = ?', $user_id);
$row = $table->fetchRow($where);

Do I need to use quoteInto here or would it be automatically quoted in fetchRow? What'd be the better way for this kind of query? Could 2 of the quoteInto be merged into one, if required at all?

2) $tabl开发者_Python百科e is Zend_Db_Table. Trying to save a row in the table.

$tablerow = $table->createRow();
$rowdata = array('id' => $id, 'user_id' => $user_id);
$tablerow->setFromArray($rowdata);
$ret = $tablerow->save();

Do I need to use some sort of quote function here?

3) $table is Zend_Db_Table. Trying to update a row in the table.

$row = $table->fetchRow($where);
$row->name = $name; 
$row->save();

Do I need to quote $name in second step?

4) General query

A)

$sql = "SELECT * FROM users where id=? and name=?";
$results = $db->fetchAll($sql, array($id, $name));

Do I need to quote here?

B)

$sql =  "SELECT * FROM users where id=? and name=?";
$stmt = $db->query($sql, array($id, $name)); 
$result = $stmt->fetchAll();

Do I need to quote here?

C) Which of the A or B is better for a general query?


Regardless of the answer, I think it might be useful to write some tests so you can be certain it's doing what you want it to do. Set up a test database and create some unit tests with PHPUnit or whatever test framework you like.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜