is mysql escape string necessary

For programming and general questions on Zend Framework


Post by simpli on Sat Jun 06, 2009 9:51 pm

Hi,
I have a model class that extends Zend_Db_Table_Abstract. I use the update and insert functions, and I want to know if I have to use mysql_escape_string to avoid SQL injection or if the Zend functions escape them for me. I am using the pdo_mysql driver.

Thanks for clarifying.
JR

Re: is mysql escape string necessary

Post by dhaval4linux on Thu Jun 11, 2009 6:38 am

If you are using a Zend_Db_Table method to insert or update data, then it's not necessary to do mysql_escape_string. That will be done by Zend_Db_Table. If you are running a query like INSERT INTO tablename VALUES('sdf','sdf'); then you need to escape that; else it's not required.
Best Regards,
Dhaval
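The two cases from the answer above, as an added example that is not code from either poster. It assumes Zend Framework 1 is on the include_path; the `Users` class, the `users` table and the in-memory SQLite adapter (used so it runs offline instead of pdo_mysql) are hypothetical choices. It also shows one point the thread does not mention: the `$where` argument of `update()` is plain SQL and is not quoted for you.

```php
<?php
// Added example, not from the thread. Assumes Zend Framework 1 is installed.
require_once 'Zend/Db.php';
require_once 'Zend/Db/Table/Abstract.php';

// Hypothetical model, like the one described in the question.
class Users extends Zend_Db_Table_Abstract
{
    protected $_name    = 'users';
    protected $_primary = 'id';
}

// In-memory SQLite stands in for the poster's pdo_mysql connection.
$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
Zend_Db_Table_Abstract::setDefaultAdapter($db);

$users = new Users();

// Constructed hostile input: a quote followed by more SQL.
$name = "x'); DROP TABLE users; --";

// Case 1: Zend_Db_Table::insert() sends the values as bound parameters,
// so no manual escaping is needed for the data array.
$id = $users->insert(array('name' => $name));

// update(): the values in the data array are bound as well, but $where is
// a raw SQL fragment. Any dynamic value in it must go through quoteInto().
$where = $users->getAdapter()->quoteInto('id = ?', $id);
$users->update(array('name' => "O'Brien"), $where);

// Case 2: a hand-written statement. Instead of calling mysql_escape_string
// and concatenating, pass the values as bind parameters to query().
$db->query('INSERT INTO users (name) VALUES (?)', array($name));

// Both rows are stored literally and the table still exists.
foreach ($users->fetchAll(null, 'id') as $row) {
    echo $row->id, ': ', $row->name, PHP_EOL;
}
```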
