I currently use Zend_Db to manage my queries. I've already written code that performs queries like the one below:
$handle->select()->from('user_id')
The bit that should make you feel safe is the ? marks in the where clauses. These are parameters, which are safely replaced with the second argument by the database system.
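An added example, not code from the original post: it uses plain PDO with an in-memory SQLite database so it runs without Zend Framework, and shows the same `?` placeholder pattern next to string concatenation. The `users` table, the `last_name` column, the sample rows and both function names are assumptions made up for the illustration.

```php
<?php
// Constructed schema and data for illustration only.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, last_name TEXT)');
$pdo->exec("INSERT INTO users (last_name) VALUES ('O''Brien'), ('Smith')");

// Concatenation: the value becomes part of the SQL text, so a quote
// character inside legitimate data changes the structure of the statement.
function findByConcatenation(PDO $pdo, string $lastName): string
{
    $sql = "SELECT id FROM users WHERE last_name = '" . $lastName . "'";
    try {
        $ids = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
        return 'ids: ' . implode(',', $ids);
    } catch (PDOException $e) {
        // The database rejects the malformed statement.
        return 'statement rejected: ' . $e->getMessage();
    }
}

// Placeholder: the SQL text is fixed and the value is passed separately,
// so it is only ever treated as data for the last_name comparison.
function findByPlaceholder(PDO $pdo, string $lastName): string
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE last_name = ?');
    $stmt->execute([$lastName]);
    return 'ids: ' . implode(',', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// A value as it might arrive from a form field (constructed sample).
$lastName = "O'Brien";

echo 'concatenated: ', findByConcatenation($pdo, $lastName), PHP_EOL;
echo 'placeholder:  ', findByPlaceholder($pdo, $lastName), PHP_EOL;
```

The concatenated query fails with a syntax error because the apostrophe ends the string literal early, while the placeholder version returns the matching row.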