mysql_real_escape_string 与 Zend [英] mysql_real_escape_string with Zend
问题描述
我正在使用 zend 框架开发 Web 应用程序.对于选择语句,我使用了以下方式.
I am developing a web application using zend framework. For select statements I have used following way.
例如:
public function getData($name)
{
$sql = "SELECT * from customer where Customer_Name = '$name'";
return $this->objDB->getAdapter()->fetchAll ($sql);
}
这很好用.但是如果我将客户姓名发送为:colvin's place
,查询失败.我知道这是因为单引号.
This works fine. But If I send customer name as : colvin's place
,
The query fail. And I know it's because of the single quote.
之前我使用过addslashes PHP 函数.但我看到这不是一个好方法.这次我使用了mysql_real_escape_string
PHP 函数.
Earlier I used addslashes PHP function. But I saw it is not a good way to do this. This time I used mysql_real_escape_string
PHP function.
问题是它说以下警告.
警告</b>:mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]:访问用户 'ODBC'@'localhost' 被拒绝(使用密码:NO)
这是因为mysql_real_escape_string
函数需要连接到由mysql_connect
打开的数据库.我的问题是如何将它与 *Zend_DB* 类一起使用.我需要始终使用自定义选择查询.感谢您提供的其他建议(如果有).
This is because of the mysql_real_escape_string
function needs a connection to the database opened by mysql_connect
. My question is how can I use this with *Zend_DB* classes. I need to use custom select queries always. Appreciate your other suggestions if available.
谢谢
推荐答案
可以使用Zend_Db
提供的quote()
函数:
http://framework.zend.com/manual/en/zend.db.adapter.html#zend.db.adapter.quoting.quote
这篇关于mysql_real_escape_string 与 Zend的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!