
Zend Framework Database Cheatsheet

For those of you who, like me, can't live without cheatsheets, I have put together a cheatsheet for the Zend Framework database classes (Zend_Db and friends).

It has notes on inserting, updating, deleting and fetching rows, table joins, and transactions. I can never memorize any of this, and the page has been very useful to me, so I am sharing it.

Click here for the Zend_Db cheatsheet.


3 Responses to Zend Framework Database Cheatsheet

  1. Bill Karwin says:

    Hi eKini,

    I noticed in your Zend_Db cheatsheet, you show multiple examples of interpolating PHP integer variables into SQL expressions. In the specific cases you show, this is okay because the variable has only values defined in the same function. But in general, variables might contain data that comes from an untrusted source, such as user input. This introduces a risk of SQL injection vulnerability — either by accident or by a malicious attacker.

    So you should use the Zend_Db quoteInto() method to help reduce this risk. For example, instead of this:

    $where = 'id="' . $id . '"'; // Risk of SQL injection

    You should do this:

    $db = $claimH->getAdapter();
    $where = $db->quoteInto('id = ?', $id);

    The result is that $id is interpolated into the SQL expression with proper SQL quote delimiters, and any special characters within the content of $id are escaped.

  2. admin says:

    Hi Bill,

    Thanks for the reply. :)
    I will be making the changes to the examples.

  3. neville.sk says:

    Thanks for the cheatsheet ;-)
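The following is an added example that runs Bill Karwin's point from the first comment end to end. It is not code from the original post or the cheatsheet, and not part of Zend Framework itself. It assumes the Zend Framework 1 library directory is on the include_path, uses an in-memory SQLite database with a constructed `claims` table (the table and column names are assumptions), and goes slightly beyond the comment by also showing bound parameters and Zend_Db_Select::where(), which calls quoteInto() internally.

```php
<?php
// Added example (not from the original post or the Zend Framework project):
// the injection Bill Karwin warns about, the quoteInto() fix, and bound
// parameters, run against an in-memory SQLite database so it works offline.
// Assumes the Zend Framework 1 library directory is on the include_path.
require_once 'Zend/Db.php';

$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));

// Constructed sample table; the table and column names are assumptions.
$db->query('CREATE TABLE claims (id INTEGER PRIMARY KEY, owner VARCHAR(32), amount INTEGER)');
$db->insert('claims', array('id' => 1, 'owner' => 'alice', 'amount' => 100));
$db->insert('claims', array('id' => 2, 'owner' => 'bob',   'amount' => 250));
$db->insert('claims', array('id' => 3, 'owner' => 'carol', 'amount' => 75));

// In a real request $id comes from $_GET or $_POST, so it is a string, not a
// PHP integer. This constructed value is what an attacker sends instead of "1".
$id = "1' OR '1'='1";

// 1. Interpolation: the attacker's quote closes the literal and the rest of
//    the value is parsed as SQL, so the WHERE clause matches every row.
$where = "id='" . $id . "'"; // Risk of SQL injection
$sql   = 'SELECT * FROM claims WHERE ' . $where;
echo $sql, "\n";
printf("interpolated: %d row(s)\n", count($db->fetchAll($sql)));

// 2. quoteInto(): the value is wrapped in quotes and the embedded quote is
//    escaped, so the whole string is compared against id and nothing matches.
$where = $db->quoteInto('id = ?', $id);
$sql   = 'SELECT * FROM claims WHERE ' . $where;
echo $sql, "\n";
printf("quoteInto:    %d row(s)\n", count($db->fetchAll($sql)));

// 3. Bound parameters: the value never becomes part of the SQL text at all,
//    which is the stronger option whenever the query can be written this way.
printf("bound:        %d row(s)\n",
    count($db->fetchAll('SELECT * FROM claims WHERE id = ?', array($id))));

// 4. Zend_Db_Select::where() applies quoteInto() to the value for you.
$select = $db->select()->from('claims')->where('id = ?', $id);
printf("select():     %d row(s)\n", count($db->fetchAll($select)));
```

Run it with the ZF1 library on the include_path (for example `php -d include_path=/path/to/ZendFramework/library example.php`). The interpolated query returns all three rows because the SQL it builds is `SELECT * FROM claims WHERE id='1' OR '1'='1'`; the quoteInto() query returns none because the adapter emits `id = '1'' OR ''1''=''1'`, a single string literal with the attacker's quote doubled, which no id equals. The bound and Zend_Db_Select variants return none for the same reason. Note that quoteInto() only protects values: it does not make a column or table name taken from user input safe, and the integer-only case Bill describes stays safe only as long as nothing but a PHP integer can ever reach the variable.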
