Zend Database Escape Parameter
In plain PHP, if you want to write a simple query and escape a single parameter inline in an SQL statement, you can use the mysql_real_escape_string() function, which has been a standard function in PHP for a long time.
$id = mysql_result(mysql_query("SELECT `id` FROM `table` WHERE `field` = '".mysql_real_escape_string($value)."' LIMIT 1"),0);
When using the Zend database abstraction class there is a different way, though: use the Zend database quote() function. Note that quote() escapes the value and also adds single quotes around the escaped value, so the SQL string must not add its own.
$id = $zend->database->fetchOne("SELECT `id` FROM `table` WHERE `field` = ".$zend->database->quote($value)." LIMIT 1");
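The same lookup written three ways, as an added example that is not code from the original post: quote(), quoteInto(), and a bound parameter passed to fetchOne(). It assumes Zend Framework 1 is on the include path and the pdo_sqlite extension is loaded; the $db adapter, the table name "items" and its rows are constructed for illustration.

```php
<?php
// Added example, not the original post's code.
// Assumptions: Zend Framework 1 on the include path, pdo_sqlite loaded.
// The table "items" and its rows are constructed sample data.
require_once 'Zend/Db.php';

$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE items (id INTEGER PRIMARY KEY, field TEXT)');
$db->insert('items', array('field' => "O'Brien"));
$db->insert('items', array('field' => 'plain'));

$value = "O'Brien"; // contains the quote character that has to be escaped

// 1. quote(): the returned string is already escaped AND wrapped in single
//    quotes, so it is concatenated without any extra quotes around it.
$quoted = $db->quote($value);
echo 'quote() returned: ', $quoted, "\n";
$id1 = $db->fetchOne('SELECT id FROM items WHERE field = ' . $quoted . ' LIMIT 1');

// 2. quoteInto(): same quoting, substituted at the ? placeholder, which
//    keeps the SQL fragment readable and avoids manual concatenation.
$where = $db->quoteInto('field = ?', $value);
$id2 = $db->fetchOne('SELECT id FROM items WHERE ' . $where . ' LIMIT 1');

// 3. Bound parameter: fetchOne() takes the values as a second argument and
//    hands them to the driver separately from the SQL text.
$id3 = $db->fetchOne('SELECT id FROM items WHERE field = ? LIMIT 1', array($value));

// For numeric columns, a type hint makes quote() cast the value to an
// integer instead of returning a quoted string.
echo 'quote() with INT_TYPE: ', $db->quote('42abc', Zend_Db::INT_TYPE), "\n";

// All three forms select the same row.
var_dump($id1 === $id2 && $id2 === $id3);
```

The bound-parameter form is the one to prefer where the query allows it, because the value never becomes part of the SQL string.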
About this entry
You’re currently reading “Zend Database Escape Parameter,” an entry on PHP Functionalism
- Published: 10.17.11 / 5pm
- Category: Zend