Zend Framework - Zend_Db_Table_Abstract: save - SQL injection


When using the Zend_Db_Table_Abstract save function to update the database, do I need to worry about SQL injection (quote the parameters), or is it done automatically?

How can I see how the query looks?

No, you don't have to worry about SQL injection when using save().

Behind the scenes, Zend Framework uses Zend_Db_Adapter_Abstract::insert() and Zend_Db_Adapter_Abstract::update(), which use bind parameters. The values are escaped by the framework to prevent SQL injection.

There is a risk of SQL injection when using Zend_Db_Expr to create custom / advanced queries, but this cannot happen when using save().

You may want to have a look at Zend_Db_Profiler to list the queries generated by the framework.

Alternatively, you can enable database query logs. See "How to enable MySQL Query Log?" for MySQL, or "How to log PostgreSQL queries?" for Postgres.
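The profiler approach from the answer above, as an added example that is not part of the original question or answer: it prints each statement that save() generates next to its bound values. It assumes Zend Framework 1 is on the include_path and the pdo_sqlite extension is loaded; the `Users` class, the `users` table, its columns and the input strings are constructed for illustration.

```php
<?php
// Added example. Assumes Zend Framework 1 on the include_path and pdo_sqlite;
// the table, columns and sample values below are constructed.
require_once 'Zend/Db.php';
require_once 'Zend/Db/Expr.php';
require_once 'Zend/Db/Table/Abstract.php';

class Users extends Zend_Db_Table_Abstract
{
    protected $_name    = 'users';
    protected $_primary = 'id';
}

$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, created TEXT)');
Zend_Db_Table_Abstract::setDefaultAdapter($db);

// Enable profiling after the schema setup so only later statements are recorded.
$profiler = $db->getProfiler();
$profiler->setEnabled(true);

$users = new Users();

// Constructed hostile input: save() passes it to the driver as a bound value.
$row = $users->createRow();
$row->name = "x'); DROP TABLE users; --";
// A Zend_Db_Expr value is copied into the SQL text instead of being bound,
// so it must only ever contain trusted, constant SQL.
$row->created = new Zend_Db_Expr('CURRENT_TIMESTAMP');
$row->save();   // issues an INSERT

$row->name = "O'Reilly";
$row->save();   // issues an UPDATE

// Print every recorded statement with the parameters bound to it.
foreach ($profiler->getQueryProfiles() as $profile) {
    echo $profile->getQuery(), "\n";
    echo '  bound: ', json_encode($profile->getQueryParams()), "\n";
}

// Confirm the table survived and the value was stored as plain data.
echo 'rows in users: ', $db->fetchOne('SELECT COUNT(*) FROM users'), "\n";
```

The listing also includes the metadata and refresh queries that the table class issues on its own, which is useful when reviewing what the framework actually sends to the database.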

