Yes, Zend_Db_Select#where() automatically escapes the second parameter, unless it's a Zend_Db_Expr object.
--
Hector

On Tue, Jan 26, 2010 at 10:03 AM, Mark Steudel <[email protected]> wrote:
> Question about escaping here: if you are using parameterized queries,
> do you actually need to escape here? Won't Zend select escape it
> properly?
>
> On Tue, Jan 26, 2010 at 3:50 AM, Thomas D. <[email protected]> wrote:
> > Hi,
> >
> > Renan de Lima wrote:
> >> no, it doesn't :-)
> >>
> >> try this:
> >> $table = new TableClass();
> >> $select = $table->select()->where('name LIKE ?', '%' . $keyword . '%');
> >> $rowset = $table->fetchAll($select);
> >
> > Don't forget to escape $keyword!
> >
> > --
> > Regards
> > Thomas
>
> --
> -----------------------------------------
> Mark Steudel
> P: 206.375.7244
> [email protected]
>
> . : Work : .
> http://www.mindfulinteractive.com
>
> . : Play : .
> http://www.steudel.org/blog
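To make the points in this thread concrete (the value bound to "?" is quoted by the adapter, a Zend_Db_Expr is passed through verbatim, and quoting is not the same as escaping LIKE wildcards), here is an added example. It is not code from the thread or from Zend Framework itself. It assumes Zend Framework 1.x on the include_path, PHP's pdo_sqlite extension, a table class named TableClass mapped onto a constructed "users" table, and a small helper search() written for the demo.

```php
<?php
// Added example (not from the thread): what Zend_Db_Select::where() escapes
// and what it does not. Assumes Zend Framework 1.x on the include_path and
// PHP's pdo_sqlite extension; the table and rows below are constructed.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
Zend_Db_Table_Abstract::setDefaultAdapter($db);

$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name VARCHAR(64))');
foreach (array('Renan', "O'Brien", 'mark_s', 'markus') as $name) {
    $db->insert('users', array('name' => $name));
}

// The table class from the thread, assumed here to map onto "users".
class TableClass extends Zend_Db_Table_Abstract
{
    protected $_name = 'users';
}

// Helper for the demo: build the select, show the SQL that will run, fetch.
function search(Zend_Db_Table_Abstract $table, $condition, $value)
{
    $select = $table->select()->where($condition, $value);
    echo $select->assemble(), "\n";
    return $table->fetchAll($select);
}

$table = new TableClass();

// 1. A plain value bound to "?" is quoted by the adapter, so the quote in
//    the keyword stays inside the string literal. The payload is searched
//    for as text and matches no row.
$injected = "' OR '1'='1";
$rows = search($table, 'name LIKE ?', '%' . $injected . '%');
echo count($rows), " row(s)\n\n";

// 2. Quoting is not LIKE-escaping. "%" and "_" in the keyword are still
//    wildcards, so a search for the literal name "mark_s" also matches
//    "markus". Escape them yourself and name the escape character.
$keyword = 'mark_s';
$rows = search($table, 'name LIKE ?', '%' . $keyword . '%');
echo count($rows), " row(s) without wildcard escaping\n";

$escaped = str_replace(array('!', '%', '_'), array('!!', '!%', '!_'), $keyword);
$rows = search($table, "name LIKE ? ESCAPE '!'", '%' . $escaped . '%');
echo count($rows), " row(s) with wildcard escaping\n\n";

// 3. Zend_Db_Expr is the one thing where() does not quote. Wrapping user
//    input in it reintroduces SQL injection: the payload from (1) now
//    becomes part of the WHERE clause and every row comes back.
$raw = new Zend_Db_Expr("'%" . $injected . "%'"); // never do this with untrusted data
$rows = search($table, 'name LIKE ?', $raw);
echo count($rows), " row(s)\n";
```

Run it with the ZF library on the include_path and compare the three assembled statements: in (1) the single quote is doubled inside the literal, in (3) it is not. The "!" escape character is used rather than a backslash because MySQL also treats backslashes inside string literals as escapes, which makes an ESCAPE '\' clause awkward to write portably.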
