ZF-6517: /zend.db.table.html#zend.db.table.fetch-all should demonstrate use of bind variables
Description
http://framework.zend.com/manual/en/… draws attention to the new API for Zend_Db_Table::fetchAll which allows passing in a Zend_Db_Table_Select object.
However, the example uses a where clause without a bind variable. This causes Zend_Db_Select to use Zend_Db_Adapter::quoteInto() to substitute the value into the where clause.
It is much better practice to use bind variables, and I suggest changing the example to:
// Fetching a rowset
$rows = $table->fetchAll('bug_status = "NEW"', 'bug_id ASC', 10, 0);
$rows = $table->fetchAll($table->select()->where('bug_status = :status')
                                         ->bind(array(':status' => 'NEW'))
                                         ->order('bug_id ASC')
                                         ->limit(10, 0));
// Fetching a single row
$row = $table->fetchRow('bug_status = "NEW"', 'bug_id ASC');
$row = $table->fetchRow($table->select()->where('bug_status = :status')
                                        ->bind(array(':status' => 'NEW'))
                                        ->order('bug_id ASC'));
Comments
Posted by Mickael Perraud (mikaelkael) on 2009-11-20T12:28:23.000+0000
Fixed with r19139