On 4/8/07, Bill Karwin <[EMAIL PROTECTED]> wrote:

For simple cases, it is certainly easier to write the SQL yourself, if you
are comfortable writing SQL.

Adding to what Bill said, even with simple cases, you should be using
prepared statements whenever you use PHP data inside your SQL.  For
example:

BAD
$result = $db->query("SELECT * FROM users WHERE id=$id");

GOOD
$result = $db->query("SELECT * FROM users WHERE id=:id", array('id' => $id));

Using this will mitigate any possibility of SQL injection in your app.
You can read more about it in the section on binding data to
statements in the ZFW manual:

<http://framework.zend.com/manual/en/zend.db.html#zend.db.adapter.queries>

--
- Ed Finkler
http://funkatron.com/

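An added example (not code from the thread or from Zend Framework itself) showing the interpolated query from the post beside the forms Zend_Db (ZF1) offers for passing the value separately from the SQL text. It assumes Zend Framework 1.x is on the include path and the pdo_sqlite extension is available; the table contents are constructed sample data.

```php
<?php
// Added example, not from the original post. Assumes Zend Framework 1.x
// (Zend_Db) on the include path and the pdo_sqlite PHP extension.
require_once 'Zend/Db.php';

// In-memory SQLite database with constructed sample rows.
$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->insert('users', array('id' => 1, 'name' => 'alice'));
$db->insert('users', array('id' => 2, 'name' => 'bob'));

// BAD (the pattern from the post): $id is spliced into the SQL text, so the
// database parses whatever it contains as part of the statement.
function findUserBad(Zend_Db_Adapter_Abstract $db, $id)
{
    return $db->fetchRow("SELECT * FROM users WHERE id=$id");
}

// GOOD, named placeholder as in the post: the value travels to the driver
// separately from the statement text and is only ever treated as data.
function findUserNamed(Zend_Db_Adapter_Abstract $db, $id)
{
    return $db->fetchRow('SELECT * FROM users WHERE id = :id', array('id' => $id));
}

// GOOD, positional placeholder: same effect; array order must match the '?'s.
function findUserPositional(Zend_Db_Adapter_Abstract $db, $id)
{
    return $db->fetchRow('SELECT * FROM users WHERE id = ?', array($id));
}

// GOOD, Zend_Db_Select: where() quotes the value with the adapter's rules.
// Casting an id to int before it reaches the query is cheap extra hygiene.
function findUserSelect(Zend_Db_Adapter_Abstract $db, $id)
{
    $select = $db->select()->from('users')->where('id = ?', (int) $id);
    return $db->fetchRow($select);
}

// Constructed untrusted input; in an application this would be $_GET['id'].
$id = isset($_GET['id']) ? $_GET['id'] : '2';

// All three bound forms return the same row for well-formed input.
foreach (array('findUserNamed', 'findUserPositional', 'findUserSelect') as $fn) {
    $row = $fn($db, $id);
    assert($row !== false && $row['name'] === 'bob');
}
```

Only findUserBad depends on the content of $id being benign; the other three hand the value to the driver as a parameter, which is the property the post is recommending.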