是Zend_Db_Select的where()方法,当包含可选值时,和Zend_Db_Adapte的quoteInto()方法基本相同,只是转义SQL?
换句话说,这两段引语是否相同且同样安全?
$select->where($this->getAdapter()->quoteInto('id = ?', 3));
$select->where(id = ?, 3);
谢谢!
答案 0 :(得分:1)
Zend_Db_Select :: _ where()使用Zend_Db_Abstract :: quoteInto()引用您在汇编sql字符串时指定为Zend_Db_Select :: where()中的第二个参数的值。
从Zend_Db_Select的第983行开始:
/**
* Internal function for creating the where clause
*
* @param string $condition
* @param mixed $value optional
* @param string $type optional
* @param boolean $bool true = AND, false = OR
* @return string clause
*/
protected function _where($condition, $value = null, $type = null, $bool = true)
{
if (count($this->_parts[self::UNION])) {
require_once 'Zend/Db/Select/Exception.php';
throw new Zend_Db_Select_Exception("Invalid use of where clause with " . self::SQL_UNION);
}
if ($value !== null) {
$condition = $this->_adapter->quoteInto($condition, $value, $type);
}
$cond = "";
if ($this->_parts[self::WHERE]) {
if ($bool === true) {
$cond = self::SQL_AND . ' ';
} else {
$cond = self::SQL_OR . ' ';
}
}
return $cond . "($condition)";
}
答案 1 :(得分:0)
据我了解,这已经在哪里指明它将是多余的。