我的 Zend 框架“引用"一团糟 [英] My Zend Framework 'quoting' mess
问题描述
我有一个可能非常简单的问题,我在 Zend Framework 手册或其他地方找不到令人满意的(主观上看到的)答案...
I've got a probably very simple issue to which I can't find a satisfactory (subjectively seen) answer in the Zend Framework manual or elsewhere...
有很多方法可以将我的 php 变量传递给我的 sql 查询,以至于我丢失了概述,并且可能我对一般引用缺乏一些了解.
There are so many ways how I can hand over my php variables to my sql queries that I lost the overview and probably I lack some understanding about quoting in general.
$sql = "SELECT this, that
FROM table
WHERE id = ? AND restriction = ?";
$stmt = $this->_db->query($sql, array($myId, $myValue));
$result = $stmt->fetchAll();
我知道使用这个解决方案我不需要引用任何东西,因为数据库会为我处理这个.
I understand that with this solution I don't need to quote anything because the db handles this for me.
$users = new Users();
$users = new Users();
a) $users->fetchRow('userID = ' . $userID);
b) $users->fetchRow('userID = ' . $users->getAdapter()->quote($userID, 'INTEGER'));
c) $users->fetchRow('userID = ?', $userID);
d) $users->fetchRow('userID = ?', $users->getAdapter()->quote($userID, 'INTEGER'));
问题
我知道 a) 不好,因为它根本没有被引用.但是其他版本呢,什么是最好的?c) 是否被视为语句并自动引用,或者我在使用 时是否需要使用 d) ?标识符?
Questions
I understand that a) is not ok because it's not quoted at all. But what about the other versions, what's the best? Is c) being treated like a statement and automatically quoted or do I need to use d) when I use the ? identifier?
推荐答案
免责声明:此信息自本答案的原始发布日期起有效.ZF 经常更改,此信息可能会随着未来版本而过时,但是,出于存档目的,这将保持不变.
Disclaimer: This information is valid as of the original posting date of this answer. ZF changes often, this information may become outdated with future releases, however, this will remain unchanged for archival purposes.
如果您将字符串传递给 Zend_Db_Table_Abstract 子类的 fetchRow() 方法(您正在执行),它将被视为 where Zend_Db_Table_Select 实例的一部分.
If you pass a string to the fetchRow() method of a subclass of Zend_Db_Table_Abstract (which you are doing), it will be treated as a where part of a Zend_Db_Table_Select instance.
换句话说,在内部,Zend_Db_Table 是这样做的:
In other words, internally, Zend_Db_Table does this:
if (!($where instanceof Zend_Db_Table_Select)) {
$select = $this->select();
if ($where !== null) {
$this->_where($select, $where);
}
所以...:
a) $users->fetchRow('userID = ' . $userID);
根本没有引用.
b) $users->fetchRow('userID = ' . $users->getAdapter()->quote($userID, 'INTEGER'));
手动引用为整数.
c) $users->fetchRow('userID = ?', $userID);
由 Zend_Db_Adapter_*::quoteInto()
d) $users->fetchRow('userID = ?', $users->getAdapter()->quote($userID, 'INTEGER'));
实际上是双引号,一次由你自己,一次通过自动引用.
Is actually double quoted, once by you, and once via the automatic quoting.
就最佳"而言,我推荐选项 C.框架将自动对参数化值调用 quoteInto.
As far as "best" is concerned, I would recommend option C. The framework will automatically call quoteInto on the parameterized value.
请记住:您始终可以将 Zend_Db_Table_Select 或 Zend_Db_Select 的实例传递给 fetchRow()方法代替...
Keep in mind: You could always pass an instance of Zend_Db_Table_Select or Zend_Db_Select to the fetchRow() method instead...
同样,在 Zend_Db_Table_Abstract 的子类中,它看起来像这样:
Again, in a subclass of Zend_Db_Table_Abstract, that would look like this:
$this->fetchRow($this->select()->where('userID = ?', $userID));
这样做的好处是,您可以构建更复杂的查询,因为您可以控制的不仅仅是 SQL 查询的 WHERE 子句.理论上,您可以轻松做到:
The plus of doing this, is that you can construct much more complex queries, as you have control over much, much more than just the WHERE clause of the SQL query. In theory, you could easily do:
$select = $this->select()->where('userID = ?', $userID)
->join(array('sat' => 'superAwesomeTable'), array('sat.user_id = userID', array('superAwesomeColumn'));
$this->fetchRow($select);
注意:如果传递一个 Zend_Db_Select 的实例,fetchRow() 方法的作用与 fetchAll() 完全一样> except 内部调用select对象的limit()方法,参数为1.
Note: If passed an instance of Zend_Db_Select, the fetchRow() method acts exactly like fetchAll() except it internally calls the limit() method of the select object, with a parameter of 1.
这篇关于我的 Zend 框架“引用"一团糟的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
