Zend_Db_Select where() and Zend_Db_Adapter quoteInto()

Posted on 2024-09-02 11:12:15

Are Zend_Db_Select's where() method, when including the optional value to quote into, and Zend_Db_Adapter's quoteInto() methods basically the same as far as escaping SQL?

In other words, are these two pieces of quote identical and equally secure?

$select->where($this->getAdapter()->quoteInto('id = ?', 3));

$select->where('id = ?', 3);

Thanks!

悸初 2024-09-09 11:12:15

Zend_Db_Select::_where() is using Zend_Db_Abstract::quoteInto() to quote the value(s) you specify as the second parameter in Zend_Db_Select::where() when assembling the sql string.

From line 983 of Zend_Db_Select:

/**
 * Internal function for creating the where clause
 *
 * @param string   $condition
 * @param mixed    $value  optional
 * @param string   $type   optional
 * @param boolean  $bool  true = AND, false = OR
 * @return string  clause
 */
protected function _where($condition, $value = null, $type = null, $bool = true)
{
    if (count($this->_parts[self::UNION])) {
        require_once 'Zend/Db/Select/Exception.php';
        throw new Zend_Db_Select_Exception("Invalid use of where clause with " . self::SQL_UNION);
    }

    if ($value !== null) {
        $condition = $this->_adapter->quoteInto($condition, $value, $type);
    }

    $cond = "";
    if ($this->_parts[self::WHERE]) {
        if ($bool === true) {
            $cond = self::SQL_AND . ' ';
        } else {
            $cond = self::SQL_OR . ' ';
        }
    }

    return $cond . "($condition)";
}

陌路黄昏 2024-09-09 11:12:15

As I understand it, where() does this already, so specifying it would be redundant.
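The delegation both answers describe, as an added example that is not part of the original thread and is not Zend Framework code: DemoAdapter and DemoSelect are hypothetical, simplified stand-ins (PHP 8) whose quoting is an assumption made for the demo, and the input string is constructed. It compares the two forms from the question with a third form where the value is concatenated into the condition and therefore never reaches quoteInto().

```php
<?php
// Added illustration: simplified stand-ins, NOT Zend Framework source.
// DemoAdapter / DemoSelect are hypothetical names; the quoting is an assumption.
final class DemoAdapter
{
    // Integers pass through; anything else becomes an escaped string literal.
    public function quote($value): string
    {
        if (is_int($value)) {
            return (string) $value;
        }
        return "'" . addcslashes((string) $value, "\000\n\r\\'\"\032") . "'";
    }

    // Substitute the quoted value for each '?' placeholder in $text.
    public function quoteInto(string $text, $value): string
    {
        return str_replace('?', $this->quote($value), $text);
    }
}

final class DemoSelect
{
    private array $where = [];

    public function __construct(private DemoAdapter $adapter) {}

    // Mirrors the _where() logic quoted above: quote only when a value is given.
    public function where(string $condition, $value = null): self
    {
        if ($value !== null) {
            $condition = $this->adapter->quoteInto($condition, $value);
        }
        $this->where[] = ($this->where ? 'AND ' : '') . "($condition)";
        return $this;
    }

    public function assemble(): string
    {
        return 'WHERE ' . implode(' ', $this->where);
    }
}

$db    = new DemoAdapter();
$input = '3 OR 1=1'; // constructed untrusted input

$viaQuoteInto = (new DemoSelect($db))->where($db->quoteInto('id = ?', $input))->assemble();
$viaWhere     = (new DemoSelect($db))->where('id = ?', $input)->assemble();
$concatenated = (new DemoSelect($db))->where('id = ' . $input)->assemble(); // no value argument

var_dump($viaQuoteInto === $viaWhere);
echo $viaWhere, "\n", $concatenated, "\n";
```

The first two forms assemble the same string, with the input held inside a quoted literal. The concatenated form passes no value to where(), so the input lands in the SQL unquoted; only the value argument is protected, never the condition string itself.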
