Is there a way to just escape (analogous to mysqli_real_escape_string)? The docs mention escaping and quoting and just mention quote, quoteInto functions.
-jonathan
From: Jaka Jančar <jaka@kubje.org>
To: water <zflist@yahoo.com>
Cc: fw-db@lists.zend.com
Sent: Saturday, January 31, 2009 9:16:23 AM
Subject: Re: [fw-db] question about using a like statement in a select
That's the way it should work. It _QUOTES_ the value, not escapes certain chars.
Use:
$sql="select id, headline, body from node where body like " . $this->_db->quote('%' . $query . '%');
On 31. Jan 2009, at 18:12, water wrote:
I'm having a problem using quoting and a like statement with something like this:
<?php
class Query extends Zend_Db_Table {
    public function getMenuResults($query) {
        // quote() adds its own surrounding quotes, so wrapping it in '%...%' nests them
        $sql = "select id, headline, body from node where body like '%" . $this->_db->quote($query) . "%'";
        echo $sql . "<br/>";
        // outputting: select id, headline, body from node where body like '%'some'%'
    }
}
with problem being inner single quotes.
Is there a way to call quote without it putting the surrounding single quotes? This is actually a larger issue (and I'd probably consider a bug for things like 'select * from menu where id=23' where adding a set of single quotes around 23 adds time to query processing on MySQL).
I don't want to get into the syntax of ZF's select statement as I don't see much advantage to it to writing straight SQL.
thanks,
jonathan
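
The LIKE case discussed in this thread, as an added example that is not part of the original messages: quoting the whole pattern handles SQL string delimiters, but `%` and `_` inside the search term still act as wildcards unless they are escaped separately. It assumes plain PDO with an in-memory SQLite database in place of the thread's Zend_Db adapter; `escapeLike`, `searchQuoted`, `searchBound` and the `!` escape character are hypothetical choices made for the illustration.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for the thread's Zend_Db adapter.
// The table contents below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE node (id INTEGER PRIMARY KEY, headline TEXT, body TEXT)");
$db->exec("INSERT INTO node (headline, body) VALUES
    ('a', 'save 50% today'),
    ('b', 'it''s some text'),
    ('c', 'plain body')");

// Escape LIKE metacharacters so the user's term matches literally.
// The escape character itself is handled first so it is not doubled twice.
function escapeLike(string $term, string $esc = '!'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

// Variant 1: quote the complete pattern, wildcards included, as the reply suggests.
function searchQuoted(PDO $db, string $term): array
{
    $sql = "SELECT id, headline, body FROM node WHERE body LIKE "
         . $db->quote('%' . escapeLike($term) . '%') . " ESCAPE '!'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Variant 2: bind the pattern as a parameter; the value never enters the SQL text.
function searchBound(PDO $db, string $term): array
{
    $stmt = $db->prepare(
        "SELECT id, headline, body FROM node WHERE body LIKE :pat ESCAPE '!'"
    );
    $stmt->execute([':pat' => '%' . escapeLike($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Terms with a quote character and with LIKE metacharacters (constructed inputs).
foreach (["some", "it's", "%", "_"] as $term) {
    printf("%-8s quoted=%d bound=%d\n", var_export($term, true),
        count(searchQuoted($db, $term)), count(searchBound($db, $term)));
}
```

Without `escapeLike`, a search term of `%` or `_` would match every non-empty row, because neither quoting nor parameter binding treats LIKE wildcards as special.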