Monday, August 4, 2008

Re: [fw-db] Zend_Db_Table / Row / Rowset

Xavier Vidal Piera wrote:
>
> So, in your code you can do the following (this example could be more
> secure...)
>

Indeed yes. You should not assume that just because an id value was passed
as a param, that it corresponds to a primary key value that exists in the
database. The fetchRow() method could return null if no row is found.

Here's an alternative code fragment, that I think is more secure and simpler
too:

$table = new My_Table();

// Creating an empty Row object is inexpensive,
// so do this up front and it'll be the default.
$row = $table->createRow();

// Coerce the param into an integer for safety reasons.
// Default to zero, which isn't typically used in auto-generated primary keys.
$id = (int) $this->_request->getParam('id', 0);
if ($id) {
    // Use the find() method for primary key lookups,
    // so you don't have to play with quoteInto().
    $rowset = $table->find($id);
    // If no row exists with that PK value, the rowset will be empty.
    // If row exists, use it to replace the empty row you created earlier.
    if (count($rowset)) {
        $row = $rowset->current();
    }
}

// Regardless of whether the row is empty or fetched from the DB,
// now you can set fields and save.
$row->bla = 'bla';
$row->save();

Regards,
Bill Karwin
--
View this message in context: http://www.nabble.com/Zend_Db_Table---Row---Rowset-tp18817752p18819145.html
Sent from the Zend DB mailing list archive at Nabble.com.
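
A stricter variant of the integer coercion in the message above, as an added example that is not part of the original post or of Zend Framework: the (int) cast accepts a value such as '12abc' by taking its numeric prefix, whereas the hypothetical parseRowId() helper below accepts only canonical positive decimal integers and otherwise falls back to 0, the same "no row" default the post uses. The sample inputs are constructed.

```php
<?php
// Added example: parseRowId() is a hypothetical helper, not a Zend Framework API.

/**
 * Return a positive integer id, or 0 when the raw request value is not a
 * canonical decimal integer. 0 matches the default used in the post, so the
 * caller's "if ($id)" branch is skipped and the empty row is kept.
 */
function parseRowId($raw)
{
    // Request params can arrive as arrays (id[]=1) or be missing entirely.
    if (!is_string($raw) && !is_int($raw)) {
        return 0;
    }
    // FILTER_VALIDATE_INT rejects trailing garbage and out-of-range values;
    // min_range => 1 additionally rejects zero and negative numbers.
    $id = filter_var($raw, FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => 1),
    ));
    return $id === false ? 0 : $id;
}

// Constructed sample inputs, as they might arrive in the 'id' request param.
$samples = array('42', '12abc', '-5', '0', 'abc', '', array('1'), null,
                 '99999999999999999999');

// Print the plain cast next to the strict result for each input.
foreach ($samples as $raw) {
    printf(
        "%-26s cast=%-22s strict=%d\n",
        json_encode($raw),
        var_export((int) $raw, true),
        parseRowId($raw)
    );
}
```

In the controller from the post, the helper would replace the cast: $id = parseRowId($this->_request->getParam('id', 0)); the rest of the find() logic stays unchanged.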
