I am developing a web application using zend framework. For select statements I have used the following way.
Ex:
public function getData($name)
{
$sql
I had this problem, I used this way and is working correctly:
You can use quote():
The quote() method accepts a single argument, a scalar string value. It returns the value with special characters escaped in a manner appropriate for the RDBMS you are using, and surrounded by string value delimiters. The standard SQL string value delimiter is the single-quote (').
But quote() returns the string inside quotation marks ('string'). For example, I get a string from the user from an input-text box (or by URL in the GET method):
$string = $this->parameters['string']; // This is like $_POST or $_GET
$string = $this->db->quote($string);   // escaped and wrapped in single quotes
$string = substr($string, 1, strlen($string) - 2);
// The above line removes the quotes from the start and end of the string; you can skip it
Now we can use this $string, and it is like what mysql_real_escape_string returns.
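As an added illustration that is not part of the question or the answer above, here are the three ways Zend_Db (Zend Framework 1) lets you pass a user-supplied value into a SELECT safely: quote() embedded as-is (no need to strip the delimiters and add them back by hand), quoteInto(), and bound parameters. It assumes Zend Framework 1 is on the include path and uses an in-memory SQLite database with a constructed row and constructed input so it runs offline.

```php
<?php
// Added example, not code from the question or answer. Assumes Zend Framework 1
// (Zend/Db.php) is on the include path; uses an in-memory SQLite database.
require_once 'Zend/Db.php';

$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->insert('users', array('name' => "O'Brien"));   // constructed sample row

// Constructed input standing in for $_GET['name']: it contains the single quote
// that escaping exists to handle, plus extra text that must stay part of the value.
$input = "O'Brien' OR '1'='1";

// 1. quote() returns the value already escaped and wrapped in delimiters, so it
//    is embedded directly; stripping the quotes and re-adding them is unnecessary.
$sql1 = 'SELECT name FROM users WHERE name = ' . $db->quote($input);

// 2. quoteInto() replaces the ? placeholder with the quoted value.
$sql2 = $db->quoteInto('SELECT name FROM users WHERE name = ?', $input);

// 3. Bound parameters: the driver keeps the data separate from the SQL text,
//    so no escaping is done in application code at all.
$rows3 = $db->fetchAll('SELECT name FROM users WHERE name = :name',
                       array(':name' => $input));

// All three compare the whole input string against the name column, so none
// of them matches the stored row.
foreach (array($sql1, $sql2) as $sql) {
    printf("%s\n  -> %d row(s)\n", $sql, count($db->fetchAll($sql)));
}
printf("bound parameter\n  -> %d row(s)\n", count($rows3));

// A legitimate value containing a quote goes through the same code path and
// finds the row.
$rows = $db->fetchAll($db->quoteInto('SELECT name FROM users WHERE name = ?', "O'Brien"));
printf("exact match -> %d row(s): %s\n", count($rows), $rows[0]['name']);
```

Note that once the value is inside a quoted SQL literal the quoting character is the whole point, so stripping the outer quotes only makes sense if you immediately put them back in the SQL string yourself; the bound-parameter form avoids that bookkeeping entirely.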