kk01
Reputation: 11
Zendframework - mysql injection how to protect
If I use methods e.g. insert, update in ZF Will I be safe(mysql injection)?
for example a part of code:
$data = array(
'autor' => $autor,
'title' => $title,
'text' => $text,
'date' => $date,
);
$news = new News();
$news->insert($data); // safe?
Upvotes: 1
Views: 1672
Answers (3)
Fidi
Reputation: 5834
It's fine the way you are doing it. But be careful with mysql-expressions. There you should use a Zend_Db_Expr-Object:
$data = array(
'author' => 'John Doe',
'title' => 'Headline goes here',
'text' => 'The content...',
'date' => new Zend_Db_Expr('NOW()') // <--- use this for SQL-Expressions
);
$news = new News();
$news->insert($data);
Upvotes: 1
Teodor Talov
Reputation: 1943
I think it will be fine just the way you have it. I mean one of the advantages of using PDO ext is to prevent SQL injections using PHP instead of MySQL to query the database. Here is more from devzone.zend.com
Upvotes: 1
AJ.
Reputation: 28174
Similar question here:
How to prevent SQL Injection attack in applications programmed in Zend Framework?
Always make sure you sanitize user input values using mysql_real_escape_string
Upvotes: 1
Related Questions
- avoiding MySQL injections with the Zend_Db class
- Preventing SQL injections with PHP and Zend Framework - how?
- How to secure project against hacks and attacks?
- PHP mysql injection protection
- how to protect from sql injection when using php?id=
- Zend sql injection prevention
- Zend Framework SQL Injection protection
- How to prevent SQL Injection attack in applications programmed in Zend Framework?
- Prevent Sql injection in ZF
- Zend Db avoiding sql injections