Nope, you've got to quote one parameter at a time
$t = new MailUser();
$db = $t->getAdapter();
$where = array($db->quoteInto('email = ?', $_POST['email']),
$db->quoteInto('password = ?', $_POST['oldp']);
$r = $t->fetchRow($where);
And perhaps some filtering of your $_POST data may be a good idea,
too ;-)
Hi All,
Is this the correct way to fetch a row and quoting:
$t=new MailUser; // zend_db_table
$r=$t->fetchRow( "email=? and password=?", array( $_POST['email'],
$_POST['oldp']) );
But it does not work.. Please help
--
Simon Mundy | Director | PEPTOLAB
""" " "" """""" "" "" """"""" " "" """"" " """"" " """""" "" "
202/258 Flinders Lane | Melbourne | Victoria | Australia | 3000
Voice +61 (0) 3 9654 4324 | Mobile 0438 046 061 | Fax +61 (0) 3 9654
4124
http://www.peptolab.com
