mysql_real_escape_string with Zend

I am developing a web application using the zend framework. For select statements, I used the following path.

Example:

public function getData($name)
{
  $sql = "SELECT * from customer where Customer_Name = '$name'";
  return $this->objDB->getAdapter()->fetchAll ($sql);
}

It works great. But if I send the client name as, for example, colvin's place, the request fails. And I know that is because of the single quote.

I used to use the addslashes PHP function. But I saw that this is not a very good way to do this. This time I used the mysql_real_escape_string PHP function.

The problem is the following warning.

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO)

This is because mysql_real_escape_string requires a database connection opened with mysql_connect. My question is how I can use this with the Zend_Db classes. I always need to use custom select queries. Please also share other suggestions, if there are any.

Thanks

+5
4


public function getData($name)
{
  $sql = "SELECT * from customer where Customer_Name = :name";
  return $this->objDB->getAdapter()->fetchAll ($sql, ['name' => $name]);
}

+2


$quote_removed_name = str_replace("'","''",$name);


$sql = "SELECT * from customer where Customer_Name = '$quote_removed_name'";

+1


quote():

quote() , . , , , . SQL - (').

'string' ( ), , - ( URL- GET)

$string = $this->parameters['string']; // This is like $_POST or $_GET
$string = $this->db->quote($string);
$string = substr($string, 1, strlen($string)-2);   
//The above line will remove quotes from start and end of string, you can skip it

$string, , mysql_real_escape_string

0
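As an added example (not code from the question or from any of the answers above), the following script shows the three ways Zend_Db (Zend Framework 1) lets you pass a user-supplied value into a custom query without ever calling mysql_real_escape_string yourself: a bound parameter, quoteInto(), and Zend_Db_Select::where(). It uses the Pdo_Sqlite adapter with an in-memory database so it runs without a MySQL server, and assumes Zend Framework 1 is on the include_path; the table, rows and inputs are constructed for the demo.

```php
<?php
// Added example, not part of the original question or answers.
// Assumes Zend Framework 1 is on the include_path.
require_once 'Zend/Db.php';

// In-memory SQLite stands in for the MySQL connection so this runs offline.
$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query("CREATE TABLE customer (id INTEGER PRIMARY KEY, Customer_Name TEXT)");
$db->insert('customer', array('Customer_Name' => "colvin's place"));
$db->insert('customer', array('Customer_Name' => 'acme'));

// Constructed inputs: a legitimate name containing a single quote (the case
// from the question) and a value shaped so that naive string interpolation
// would change the meaning of the WHERE clause. Both must be treated as data.
$inputs = array("colvin's place", "x' OR '1'='1");

foreach ($inputs as $name) {
    // 1. Bound parameter: the value travels separately from the SQL text,
    //    so the driver never has to escape anything inside the query string.
    $bound = $db->fetchAll(
        "SELECT * FROM customer WHERE Customer_Name = :name",
        array(':name' => $name)
    );

    // 2. quoteInto(): the adapter quotes the value according to the rules of
    //    the connected driver and splices it into the '?' placeholder.
    $sql    = $db->quoteInto("SELECT * FROM customer WHERE Customer_Name = ?", $name);
    $quoted = $db->fetchAll($sql);

    // 3. Zend_Db_Select: where() applies the same adapter-level quoting.
    $select   = $db->select()->from('customer')->where('Customer_Name = ?', $name);
    $selected = $db->fetchAll($select);

    printf("%-16s -> bound: %d row(s), quoteInto: %d, select: %d\n",
        $name, count($bound), count($quoted), count($selected));
}
```

Only the legitimate name matches a row in all three variants; the second input matches nothing, because the single quote inside it stays part of the compared value instead of terminating the string literal.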
