ansaurus

Question

how to use of select with multi condition in zend framework ?

Answer 1

A:

You can see the examples in Zend.DB manual

  // Build this query:
  //   SELECT product_id, product_name, price
  //   FROM "products"
  //   WHERE (price < 100.00 OR price > 500.00)
  //     AND (product_name = 'Apple')

  $minimumPrice = 100;
  $maximumPrice = 500;
  $prod = 'Apple';

  $select = $db->select()
               ->from('products',
                      array('product_id', 'product_name', 'price'))
               ->where("price < $minimumPrice OR price > $maximumPrice")
               ->where('product_name = ?', $prod);

michal kralik 2010-02-06 11:29:52

In this part "price < $minimumPrice OR price > $maximumPrice" the variables are not sanitized. This can lead to SQL injections.

Luiz Damim 2010-02-06 15:00:49

Sorry for -1. Didn´t know the example came from manual. It´s wrong, but It´s not your fault. If you edit your question I can undo the vote.

Luiz Damim 2010-02-06 15:08:04

On one hand you are correct, but on the other it's completely safe as both the variables are defined 3 lines before and are integers. I agree though that if someone copies over only the select it may be problem. For the sake of explaining how to construct query it's more clear.

michal kralik 2010-02-06 18:03:03

Answer 2

+1 A:

$firstname = 'alex';
$city = 'xx';

// AND query
$select = $adapter->select()
    ->from('person', array('id', 'firstname', 'lastname', 'city')
    ->where('firstname = ?', $firstname)
    ->where('city ?', $city);


// OR query
$select = $adapter->select()
    ->from('person', array('id', 'firstname', 'lastname', 'city')
    ->where('firstname = ?', $firstname)
    ->orWhere('city = ?', $city);

Take a look at the Zend_Db_Select manual to see more examples.

Luiz Damim 2010-02-06 14:59:22

ansaurus

tags:

views:

answers:

how to use of select with multi condition in zend framework ?

related questions