Markizano is talking about prepared statements with placeholders, which is the recommended way of working with a database as it minimises the risk of SQL injection.
Passing an array to where or quoteInto will escape strings correctly, but you also need to make sure that you don't pass in an empty array. Otherwise the resulting SQL will be 'WHERE blah IN()' which is invalid.

Cheers,
David
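Added example, not part of the original message and not Zend Framework's own code: a guard for the empty-array case described above, run against an in-memory SQLite database. It assumes Zend Framework 1 is on the include_path and pdo_sqlite is enabled; the helper name whereIn, the users table and its rows are constructed for illustration.

```php
<?php
// Added example: assumes Zend Framework 1 on the include_path and pdo_sqlite.
require_once 'Zend/Db.php';

/**
 * Hypothetical helper (not part of Zend Framework): add "column IN (...)"
 * to a select, treating an empty list as "match no rows" instead of
 * emitting the invalid SQL "IN ()".
 */
function whereIn(Zend_Db_Select $select, $column, array $values)
{
    if (count($values) === 0) {
        // An empty IN list can match nothing, so use an always-false condition.
        return $select->where('1 = 0');
    }
    $quotedColumn = $select->getAdapter()->quoteIdentifier($column);
    // Passing the array as the bound value lets the adapter quote each element.
    return $select->where($quotedColumn . ' IN (?)', $values);
}

// Constructed sample data in an in-memory SQLite database.
$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
foreach (array('alice', "o'brien", 'carol') as $name) {
    $db->insert('users', array('name' => $name));
}

// What the unguarded call produces for an empty array.
echo $db->quoteInto('name IN (?)', array()), "\n";

$inputs = array(
    array('alice', "o'brien"),   // the quote character is escaped by the adapter
    array(),                     // empty list: handled by the guard
);
foreach ($inputs as $names) {
    $select = whereIn($db->select()->from('users'), 'name', $names);
    echo $select, "\n";
    echo count($db->fetchAll($select)), " row(s)\n";
}
```

Using '1 = 0' for the empty case is one choice; returning early without querying at all is equally valid when the caller can handle it.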
