I currently use Zend_Db to manage my queries. I've already written code that performs queries like the one below:
$handle->select()->from('user_id')
By default, when you use value binding in your SQL queries like this:
where('first_name=?', $id);
Zend_Db uses appropriate quoting of values to prevent SQL injection, although it is strongly recommended (by books, articles, manuals and personal experience) to sanitize/filter user input. Zend_Filter can be very helpful.
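As an added example (not code from the question or the answer above), here is the binding behaviour described in the answer run against an in-memory SQLite table, with a quoted value beside the unsafe interpolated form and a Zend_Filter_Digits pass on an id parameter. It assumes Zend Framework 1 is on the include_path and the PDO SQLite extension is loaded; the table, row and inputs are constructed for the demo.

```php
<?php
// Added example, not from the original post. Assumes Zend Framework 1 (Zend_Loader_Autoloader)
// is available on the include_path and that PDO SQLite is loaded.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

// In-memory SQLite keeps the demo self-contained; table and row are constructed here.
$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE user (user_id INTEGER PRIMARY KEY, first_name TEXT)');
$db->insert('user', array('first_name' => "O'Brien"));

// Constructed untrusted inputs, as they might arrive from a form: a legitimate name that
// happens to contain a quote character, and an id that is not a clean integer.
$firstName = "O'Brien";
$idParam   = "1; anything";

// Safe form: the ? placeholder is replaced by a properly quoted literal (the embedded quote
// is doubled), so the value cannot terminate the string. Casting the select to string
// shows the SQL Zend_Db actually generates.
$select = $db->select()
             ->from('user', array('user_id', 'first_name'))
             ->where('first_name = ?', $firstName);
echo 'Bound query:   ' . $select . PHP_EOL;
echo 'Rows matched:  ' . count($db->fetchAll($select)) . PHP_EOL;

// Unsafe form: string interpolation leaves the quote unescaped. With this input the
// statement is simply malformed; with other inputs it would change the query's meaning.
try {
    $db->fetchAll("SELECT user_id FROM user WHERE first_name = '$firstName'");
} catch (Zend_Db_Exception $e) {
    echo 'Interpolated query failed: ' . get_class($e) . PHP_EOL;
}

// Filtering on top of binding: Zend_Filter_Digits strips everything but digits from the
// id before it is bound, so the parameter has the intended type as well as safe quoting.
$filter  = new Zend_Filter_Digits();
$cleanId = (int) $filter->filter($idParam);
$byId    = $db->select()->from('user')->where('user_id = ?', $cleanId);
echo 'Filtered id:   ' . $cleanId . PHP_EOL;
echo 'Rows by id:    ' . count($db->fetchAll($byId)) . PHP_EOL;
```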