If I use methods e.g. insert, update in ZF Will I be safe(mysql injection)?
for example a part of code:
$data = array(
'autor' => $autor,
'title' => $title,
'text' => $text,
'date' => $date,
);
$news = new News();
$news->insert($data); // safe?
Similar question here:
How to prevent SQL Injection attack in applications programmed in Zend Framework?
Always make sure you sanitize user input values using mysql_real_escape_string
I think it will be fine just the way you have it. I mean one of the advantages of using PDO ext is to prevent SQL injections using PHP instead of MySQL to query the database. Here is more from devzone.zend.com
It's fine the way you are doing it. But be careful with mysql-expressions. There you should use a Zend_Db_Expr-Object:
$data = array(
'author' => 'John Doe',
'title' => 'Headline goes here',
'text' => 'The content...',
'date' => new Zend_Db_Expr('NOW()') // <--- use this for SQL-Expressions
);
$news = new News();
$news->insert($data);
() will be converted automaticaly ;)
