mysql_real_escape_string 与 Zend [英] mysql_real_escape_string with Zend

问题描述

我正在使用 zend 框架开发 Web 应用程序.对于选择语句，我使用了以下方式.

I am developing a web application using zend framework. For select statements I have used following way.

例如:

public function getData($name)
{
  $sql = "SELECT * from customer where Customer_Name = '$name'";
  return $this->objDB->getAdapter()->fetchAll ($sql);
}

这很好用.但是如果我将客户姓名发送为:colvin's place，查询失败.我知道这是因为单引号.

This works fine. But If I send customer name as : colvin's place, The query fail. And I know it's because of the single quote.

之前我使用过addslashes PHP 函数.但我看到这不是一个好方法.这次我使用了mysql_real_escape_string PHP 函数.

Earlier I used addslashes PHP function. But I saw it is not a good way to do this. This time I used mysql_real_escape_string PHP function.

问题是它说以下警告.

警告</b>:mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]:访问用户 'ODBC'@'localhost' 被拒绝(使用密码:NO)

这是因为mysql_real_escape_string 函数需要连接到由mysql_connect 打开的数据库.我的问题是如何将它与 *Zend_DB* 类一起使用.我需要始终使用自定义选择查询.感谢您提供的其他建议(如果有).

This is because of the mysql_real_escape_string function needs a connection to the database opened by mysql_connect. My question is how can I use this with *Zend_DB* classes. I need to use custom select queries always. Appreciate your other suggestions if available.

谢谢

推荐答案

可以使用Zend_Db提供的quote()函数:

http://framework.zend.com/manual/en/zend.db.adapter.html#zend.db.adapter.quoting.quote

这篇关于mysql_real_escape_string 与 Zend的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！