ZF-11454: Zend_Db is said not to quote the "where", but it does, or at least may, depending on the $where variable


At http://framework.zend.com/manual/en/… manual states: "Since the table delete() method proxies to the database adapter delete() method, the argument can also be an array of SQL expressions. The expressions are combined as Boolean terms using an AND operator.

Note: The values and identifiers in the SQL expression are not quoted for you. If you have values or identifiers that require quoting, you are responsible for doing this. Use the quote(), quoteInto(), and quoteIdentifier() methods of the database adapter. "

But in fact there is a third option - sending the $where parameter od delete() method as array, that is used for quotation using quoteInto - array('bugs_id = ?' => $bugId);

I suggest adding more info to the Docs along these lines (sorry for my not excelent english):

Note: You can also pass the expressions using and array, that has syntax somewhat simmilar to the Zend_Db_Select's where() method like this: $adapter->delete(array('bugs_id = ?' => $bugId)) Such expressions will be properly escaped using the quoteInto() method.


No comments to display