In the case of insert(), Zend_Db uses prepared queries to separate the
values from the SQL. So the SQL prepared is
INSERT INTO "tablename" ("created_on", "bug_description",
"bug_status") VALUES (?, ?, ?)
First the query with parameter placeholders is prepared, and then the
values are supplied separately as parameters, so they are combined with
the query at execute-time on the RDBMS server. No quoting is needed.
The identifiers (table and column names) are quoted as delimited
identifiers, according to the syntax used by the RDBMS to which you're
connected.
Regards,
Bill Karwin
> -----Original Message-----
> From: Ian Warner [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 17, 2007 6:09 AM
> To: Zend Framework
> Subject: [fw-general] DB Table Insert Quoting
>
> Am I right in Assuming:
>
> $table = new Bugs();
>
> $data = array(
> 'created_on' => '2007-03-22',
> 'bug_description' => 'Something wrong',
> 'bug_status' => 'NEW'
> );
>
> $table->insert($data);
>
> does Automatic Quoting
>
> so
>
> $table = new Bugs();
>
> $data = array(
> 'created_on' => $foo,
> 'bug_description' => $bar,
> 'bug_status' => $var);
>
> $table->insert($data);
>
> are all quoted correctly - if not how is this implemented
>
> probaly asked a thousand times but couldnt see it in the
> threads on here
>
> Ian
>
