所以我已升级到ZF 2.1.4,我收到一条通知说:Attempting to quote a value in Zend\Db\Adapter\Platform\Mysql without extension/driver support can introduce security vulnerabilities in a production environment
我的dbadapter是这样实现的:
return array(
'service_manager' => array(
'factories' => array(
'Zend\Db\Adapter\Adapter' => 'Zend\Db\Adapter\AdapterServiceFactory',
)
),
'db' => array(
'driver' => 'pdo_mysql',
'driver_options' => array(
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
),
'dsn' => 'mysql:dbname=test;host=192.168.1.8',
'username' => 'test',
'password' => 'test',
)
);
我想引用的内容如下:
$order = 'field(ce.id, ' . $this->_db->getPlatform()->quoteValueList($ids) . ')';
$select->order(new Expression($order));
我应该怎么做?我的印象是pdo_mysql有引用值的驱动程序支持。
答案 0 :(得分:2)
通过添加$this->platform->setDriver($this->getDriver());,您已经找到了解决方案。另外看看这个:
请参阅此版本附带的公告和安全说明:http://framework.zend.com/security/advisory/ZF2013-03
发行说明:http://framework.zend.com/blog/2013-03-14-zend-framework-3-for-1-release-day.html