Teemu Valimaki wrote:
> 
> I noticed that numeric values are not quoted in a query. Is there a reason
> for not quoting all parameters automatically, regardless of their type? Or
> should the question be, why should they be quoted? To me it should be more
> consistent, but I might miss some important point in this.
> 

Some databases (e.g. Oracle) throw an error if you compare dissimilar
types.

  SELECT * FROM mytable WHERE integerColumn = '1234'; -- ERROR!

But no database has a problem with an unquoted integer literal:

  SELECT * FROM mytable WHERE integerColumn = 1234;

So the quote() method in the Zend_Db_Adapter classes interprets PHP native
integers and floats as meant to be unquoted.  However, a PHP string passed
to the quote() method is quoted by default.

But there are some cases where we need to represent the numeric value as a
string.  For instance PHP's 32-bit integer type has a smaller range than a
SQL BIGINT type.  That's why Zend_Db has an optional data type argument for
quote() and related methods, so we can use numeric values outside the range
of PHP native types, but still tell the quoting function not to quote them
since it would upset the SQL engine:

  $sqlExpr = $db->quoteInto('WHERE bigintColumn = ?', '2147483648',
      Zend_Db::BIGINT_TYPE);

Regards,
Bill Karwin
-- 
View this message in context: 
http://www.nabble.com/Quote-all-database-query-parameters-tp16002047s16154p16004872.html
Sent from the Zend Framework mailing list archive at Nabble.com.
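
The quoting rule described in the message above, as an added example that is not part of the original message and is not Zend_Db's code: a string emitted unquoted under a numeric type hint has to be validated in full, because nothing else stands between it and the SQL text. The names quoteTyped() and BIGINT_HINT are hypothetical; PHP 7.1+ and the pdo_sqlite driver are assumed.

```php
<?php
// Added illustration. quoteTyped() and BIGINT_HINT are hypothetical names,
// not Zend_Db's own code or constants.
const BIGINT_HINT = 1;

function quoteTyped(PDO $pdo, $value, ?int $type = null): string
{
    // Native PHP numbers are emitted bare.
    if (is_int($value)) {
        return (string) $value;
    }
    if (is_float($value)) {
        if (!is_finite($value)) {
            throw new InvalidArgumentException('non-finite float');
        }
        return var_export($value, true);   // locale-independent rendering
    }

    $value = (string) $value;
    if ($type === BIGINT_HINT) {
        // This string will NOT be quoted, so every byte must belong to an
        // integer literal. \A and \z anchor the whole string; $ alone would
        // tolerate a trailing newline.
        if (preg_match('/\A-?(?:0|[1-9][0-9]{0,18})\z/', $value) !== 1) {
            throw new InvalidArgumentException('not an integer literal');
        }
        // 19-digit values: compare as strings against the signed 64-bit limit.
        $digits = ltrim($value, '-');
        $limit  = $value[0] === '-' ? '9223372036854775808' : '9223372036854775807';
        if (strlen($digits) === 19 && strcmp($digits, $limit) > 0) {
            throw new InvalidArgumentException('outside BIGINT range');
        }
        return $value;
    }

    // Any other string is escaped and quoted by the driver.
    return $pdo->quote($value);
}

$pdo = new PDO('sqlite::memory:');   // assumption: pdo_sqlite is installed
$samples = [[1234, null], ['1234', null], ['2147483648', BIGINT_HINT],
            ['1 OR 1=1', BIGINT_HINT]];   // constructed inputs
foreach ($samples as [$v, $t]) {
    try {
        echo 'WHERE col = ', quoteTyped($pdo, $v, $t), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected ', var_export($v, true), ': ', $e->getMessage(), "\n";
    }
}
```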
