I am developing a web application using Zend Framework. For select statements I have used the following way.
Ex:
public function getData($name) { $sql
You could use parameter binding as well; then the method will look like:

    public function getData($name)
    {
        $sql = "SELECT * FROM customer WHERE Customer_Name = :name";
        return $this->objDB->getAdapter()->fetchAll($sql, ['name' => $name]);
    }

Then your data will be escaped automatically.
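To make the point of that answer concrete, here is an added example (not code from the question or the answer, and not Zend's own code) that runs the two styles side by side. It uses plain PDO with an in-memory SQLite database; Zend_Db's PDO adapters pass the `$bind` array of `fetchAll()` through to PDO in the same way. The `customer` table, its rows and the test inputs are constructed for this demo.

```php
<?php
// Added example: string-spliced query vs. bound-parameter query.
// Assumes PDO with the sqlite driver; the schema and rows are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, Customer_Name TEXT)');
$pdo->exec("INSERT INTO customer (Customer_Name) VALUES ('alice'), ('bob'), ('carol')");

// Vulnerable form: the caller's string becomes part of the SQL text itself.
function getDataUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT * FROM customer WHERE Customer_Name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe form: the PDO equivalent of fetchAll($sql, ['name' => $name]).
// The value is sent as a bound parameter and is never parsed as SQL.
function getDataSafe(PDO $pdo, string $name): array
{
    $sql = "SELECT * FROM customer WHERE Customer_Name = :name";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(['name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A constructed input containing a single quote. When spliced into the query
// text the quote terminates the literal and the rest is interpreted as SQL;
// when bound it is compared as an ordinary string and matches nothing.
$suspicious = "nobody' OR '1'='1";

printf("unsafe: %d rows\n", count(getDataUnsafe($pdo, $suspicious))); // returns every row
printf("safe:   %d rows\n", count(getDataSafe($pdo, $suspicious)));   // returns 0 rows

// Binding also handles legitimate names that contain a quote, which the
// spliced version would turn into a syntax error.
$pdo->exec("INSERT INTO customer (Customer_Name) VALUES ('O''Brien')");
printf("safe lookup of O'Brien: %d row\n", count(getDataSafe($pdo, "O'Brien")));
```

The takeaway for the Zend method is that the `:name` placeholder plus the `['name' => $name]` array is what keeps user input out of the query text; quoting or escaping the string by hand before concatenating it is both easier to get wrong and unnecessary once binding is used.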