Sanch
Reputation: 137
Prevent Sql injection in ZF
I use following code
$this->getDb()->fetchRow($sql, $params);
Is it free from sql injection? Please guide me. How i can make it free from sql injection.
Upvotes: 2
Views: 910
Answers (1)
Haim Evgi
Reputation: 125674
use Zend_Db class, for Escaping
used the validator of the Zend_Form in order to filter the input values.
3.Uses Prepared Statements internally as much as possible like :
// Build this query:
// SELECT product_id, product_name, price
// FROM "products"
// WHERE (price < 100.00 OR price > 500.00)
// AND (product_name = 'Apple')
$minimumPrice = 100;
$maximumPrice = 500;
$prod = 'Apple';
$select = $db->select()
->from('products',
array('product_id', 'product_name', 'price'))
->where("price < $minimumPrice OR price > $maximumPrice")
->where('product_name = ?', $prod);
read more in this link :
Upvotes: 3
Related Questions
- How can I prevent SQL injection in PHP?
- Preventing SQL injections with PHP and Zend Framework - how?
- Sanitize INSERT SELECT sql using Zend Framework
- Zendframework - mysql injection how to protect
- prevent sql injection plus using regexp in zend
- Zend sql injection prevention
- Zend Framework SQL Injection protection
- How to prevent SQL Injection attack in applications programmed in Zend Framework?
- Zend secure sql queries?
- Zend Db avoiding sql injections