Issues

ZF-6517: /zend.db.table.html#zend.db.table.fetch-all should demonstrate use of bind variables

Description

http://framework.zend.com/manual/en/… draws attention to the new API for Zend_Db_Table::fetchAll which allows passing in a Zend_Db_Table_Select object.

However, the example uses a where clause without a bind variable. This causes Zend_Db_Select to use Zend_Db_Adapter::quoteInto() to substitute the value into the where clause.

It is much better practice to use bind variables, and I suggest changing the example to:


// Fetching a rowset
$rows = $table->fetchAll('bug_status = "NEW"', 'bug_id ASC', 10, 0);
$rows = $table->fetchAll($table->select()->where('bug_status = :status')
                                         ->bind(array(':status'=>'NEW')
                                         ->order('bug_id ASC')
                                         ->limit(10, 0));

// Fetching a single row
$row = $table->fetchRow('bug_status = "NEW"', 'bug_id ASC');
$row = $table->fetchRow($table->select()->where('bug_status = :status')
                                        ->bind(array(':status'=>'NEW')
                                        ->order('bug_id ASC'));

Comments

Fixed with r19139