Zend_Db_Expr, zenddbtable

Zend_Db_Expr, zenddbtable

When using Db classes in zendframework, the Framework automatically adds quotation marks to SQL statements to prevent database attacks. This causes a problem, you cannot use the zend db class to use mysql built-in functions (methods, stored procedures, etc ). Fortunately, the zend framework provides a class Zend_Db_Expr, which will tell the framework not to add quotation marks to the converted type.

    public function setBatchDelete($orderIds) {        $flag = YCL_Order::FLAG_DELETED;        $updateTime = time();        $data = array(            'flag' => new Zend_Db_Expr("flag | $flag"),            'update_time' => $updateTime        );           $db = $this->getAdapter();        $where = $db->quoteInto('service_order_id IN (?)',$orderIds);        $this->update($data,$where);    }

The flag on the left of the above example is the flag in the database.

   $select=$db->select();   $select->from("testtable","*");   $select->where($db->quotInto("date>=?",new Zend_Db_Expr("UNIX_TIMESTAMP()"));   $db->fetchAll($select);

The framework does not add quotation marks to UNIX_TIMESTAMP () so that users can use this function normally.

You also can create an object of typeZend_Db_Expr explicitly, to prevent a string from being treated as a column name.

How to output SQL statements in zend framework184-PHP framework development

Dear user, 1.8.4 is very old. The latest version may be 1.12.x (zf2 is not considered). We recommend that you upgrade to 1.11 or 1.12, so you do not need to change your source code.
For your problem, you do not need to output SQL statements in this usage. Because this SQL statement is manually defined, You can output it by yourself. For example
$ SQL = "select count (*) from gs_user where username = '{$ userName}' AND password = '{$ password}'"; echo $ SQL; print_r ($ this-> db-> fetchOne ($ SQL); the answer upstairs is actually correct, but the code is not complete. Here is an example.
$ Select = new Zend_Db_Table_Select () $ select-> from ('gs _ users', array (new Zend_Db_Expr ('count (*)'); $ select-> where ('username', $ username)-> where ('Password', $ password); try {$ row = $ select-> query (PDO :: FETCH_ASSOC)-> fetch ();} catch (Exception $ e) {die ($ select);} For Zend Framework, an available project source code is provided here, maybe you can give you some help. Www.941172.com/forum/view/baseprojectsource code download and configuration operation


When Zend Framework is updated, how does one not add quotation marks automatically?-PHP Framework development

If the value you want to update is not a string, but an SQL syntax, use Zend_Db_Expr to declare $ data [\ 'val \ '] = new Zend_Db_Expr (\ 'val + 1 \'); view the original post>

Hope to adopt