Menu
I have the following code:
public function checkLoginDetails($email, $password) {
$select = $this->select ();
$select->where ( "password=?", md5($password) );
$select->where ( "email=?", $email );
return $this->fetchRow($select);
}
email and password come directly from the user. Do I need to filter email with, say, mysql_real_escape_string or does Zend DB do it for me?
Thank you!
905
I was the main developer on Zend_Db, up to Zend Framework 1.0.
In the example you show, the values are interpolated into the query, with appropriate quotes and escaping applied. You don't have to do anything more.
Internally, it uses the quoting function built into the PHP extension for the Zend_Db_Adapter you're using. E.g. PDO::quote().
140
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
