All you have to do is have your query as a parameter in the quoteInto
function. You can also concatenate your queries that require more than one
parameter. The quoteInto function only accepts one parameter.
In cases like yours with 3 parameters you will definitely need to
concatenate your queries using this function.
Something like this:
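// Each quoteInto() call quotes one value; note the leading space before AND
// so the two fragments do not run together when concatenated.
$sql = $db->quoteInto('SELECT EventName FROM Event WHERE EventName = ?', $form_data)
     . $db->quoteInto(' AND EventID != ?', $request);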
This is what the ZF Doc says regarding quoting your statements:
[QUOTE]
Note
The values and identifiers in the SQL expression are not quoted for you. If
you have values or identifiers that require quoting, you are responsible for
doing this. Use the quote(), quoteInto(), and quoteIdentifier() methods of
the database adapter.
[/QUOTE]
Read more: http://framework.zend.com/manual/en/zend.db.table.html
tony stamp wrote:
>
> Hello
>
> Just a quick question - when updating a row in a database, I usually do:
>
> $query = "update foo set bar = ?, baz = ?, goon = ?";
> $sth->execute($query, array('a', 'b', 'c'));
>
> where I know that the db abstraction layer will apply quoting to make the
> values safe.
>
> If I'm using zend_db_table_row to update a database row, e.g.
>
> $row->name = $name;
> $row->surname = $surname;
> $row->save();
>
> ... will quoting also be applied to the row before saving, or is that the
> responsibility of the row to implement, i.e. subclassing and performing
> validation on the properties before an update?
>
-----
dee
--
View this message in context: http://www.nabble.com/zend_db_table_row-and-quoting-tp19177390p19179720.html
Sent from the Zend DB mailing list archive at Nabble.com.
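
A way to check the behaviour discussed in this thread, as an added example that is not part of the original messages or of the Zend Framework documentation. It assumes Zend Framework 1 is on the include_path and the pdo_sqlite extension is enabled; the Event table layout, the sample value and the id 999 are constructed for the demonstration.

```php
<?php
// Added example: assumes Zend Framework 1 on the include_path and pdo_sqlite.
require_once 'Zend/Db.php';
require_once 'Zend/Db/Table.php';

// In-memory SQLite database, so nothing is left behind after the run.
$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE Event (EventID INTEGER PRIMARY KEY, EventName TEXT)');

// Constructed value containing a quote character that would break
// a statement built by plain string concatenation.
$name = "O'Brien's \"Jazz\" Night";

// 1. Row object: assign the raw value and save(). The value is stored
//    unchanged if the adapter passes it as a bound parameter.
$events = new Zend_Db_Table(array(
    'db'      => $db,
    'name'    => 'Event',
    'primary' => 'EventID',
));
$row = $events->createRow();
$row->EventName = $name;
$id = $row->save();

$stored = $db->fetchOne('SELECT EventName FROM Event WHERE EventID = ?', $id);
var_dump($stored === $name);

// 2. Hand-written SQL string: one quoteInto() call per value, with a
//    leading space on the second fragment so "AND" is a separate token.
$sql = $db->quoteInto('SELECT EventName FROM Event WHERE EventName = ?', $name)
     . $db->quoteInto(' AND EventID != ?', 999);
echo $sql, "\n";
var_dump(count($db->fetchAll($sql)));

// 3. The same query through Zend_Db_Select, where each where() call
//    quotes its own value and the clauses are joined with AND.
$select = $db->select()
    ->from('Event', array('EventName'))
    ->where('EventName = ?', $name)
    ->where('EventID != ?', 999);
echo $select, "\n";
var_dump(count($db->fetchAll($select)));

// 4. A WHERE clause passed to update() is a SQL fragment, which is
//    what the manual's note refers to, so quote its value explicitly.
$where = $db->quoteInto('EventID = ?', $id);
var_dump($db->update('Event', array('EventName' => 'Renamed'), $where));
```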