My Zend Framework 'quoting' mess.

Posted by tharkun on Stack Overflow
Published on 2009-07-22T22:44:14Z


I've got a probably very simple issue to which I can't find a satisfactory (subjectively seen) answer in the Zend Framework manual or elsewhere...

There are so many ways to hand over my PHP variables to my SQL queries that I've lost the overview, and probably I lack some understanding about quoting in general.

Prepared Statements

// Placeholders: the values are passed separately and bound by the adapter.
$sql = "SELECT this, that
        FROM table
        WHERE id = ? AND restriction = ?";

$stmt = $this->_db->query($sql, array($myId, $myValue));
$result = $stmt->fetchAll();

I understand that with this solution I don't need to quote anything because the db handles this for me.

Querying Zend_Db_Table and _Row objects over the API

$users = new Users();

a) $users->fetchRow('userID = ' . $userID);
b) $users->fetchRow('userID = ' . $users->getAdapter()->quote($userID, 'INTEGER'));
c) $users->fetchRow('userID = ?', $userID);
d) $users->fetchRow('userID = ?', $users->getAdapter()->quote($userID, 'INTEGER'));

Questions

I understand that a) is not ok because it's not quoted at all. But what about the other versions, what's the best? Is c) being treated like a statement and automatically quoted, or do I need to use d) when I use the ? identifier?
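As an added example (my own code, not from the question or from Zend Framework), the following prints the SQL text that each quoting form produces for the same untrusted string, so the difference between concatenating, typed quoting, placeholder binding and quoting twice is visible directly. It assumes the Zend Framework 1 library is on the include_path and the pdo_sqlite extension is available; the in-memory database exists only so that quote() can connect, no table is ever queried.

```php
<?php
// Added example, not part of the question or of Zend Framework.
// Assumes: ZF1 on the include_path, pdo_sqlite extension installed.
require_once 'Zend/Db.php';

$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));

// Constructed untrusted input: a request parameter is always a string,
// and this one is not even a clean number.
$userID = '12abc';

$forms = array(
    // a) raw concatenation: whatever is in the string becomes SQL
    'a) concatenated'       => 'userID = ' . $userID,
    // b) quote() with the INTEGER type: the value is cast to an
    //    integer literal and written without quotes
    'b) quote INTEGER'      => 'userID = ' . $db->quote($userID, 'INTEGER'),
    // c) placeholder filled by quoteInto(): this is what the table
    //    API does for $users->fetchRow(array('userID = ?' => $userID));
    //    a string value is emitted as a quoted string literal
    'c) quoteInto'          => $db->quoteInto('userID = ?', $userID),
    // c') the same placeholder with the type given, so the integer
    //     cast happens as part of the binding
    "c') quoteInto INTEGER" => $db->quoteInto('userID = ?', $userID, 'INTEGER'),
    // d) quoting twice: the already cast integer is a string again and
    //    gets quoted as a string literal the second time
    'd) quoted twice'       => $db->quoteInto('userID = ?',
                                   $db->quote($userID, 'INTEGER')),
);

// Assemble a SELECT around each WHERE clause and show the resulting SQL.
foreach ($forms as $label => $where) {
    $select = $db->select()->from('users')->where($where);
    printf("%-24s %s\n", $label, $select->assemble());
}
```

Only form a) lets the input reach the SQL text unchanged; the typed forms b) and c') reduce it to an integer literal, while c) and d) leave a correctly quoted string that can never break out of the literal.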

© Stack Overflow or respective owner
