TechQA.

How to properly quote / escape this INSERT statement in Zend 1 Framework

17 views Asked by At

I am stuck with an ancient Zend 1 project, which we gradually want to fade into Symfony.

My colleague created an repository with the following code:

    public function insert(Address $address): int
    {
        $sql = <<<SQL
            insert into contract_request.applicant_address 
                (applicant_uuid, street, street_number, postcode, city)
                VALUES
                    (
                     {$address->getApplicantUuid()},
                     '{$address->getStreet()}',
                     {$address->getStreetNumber()},
                     '{$address->getPostcode()}',
                     '{$address->getCity()}'
                    )        
        SQL;
        $stmt = new Zend_Db_Statement_Mysqli($this->db, $sql);
        $stmt->execute();

        $addressId = $this->db->lastInsertId();

        return (int) $addressId;
    }

Which works nicely as long as no text with an apostrophe is inserted e.g. 't Hertogenbosch which can happen. So how can I properly escape critical strings before inserting them into the db with this construct? Changing the single quote signs to double doesn't help.

I found similar questions only for select queries.

mysqli zend-framework php-7.4
Original Q&A
0

There are 0 answers

Related Questions in MYSQLI

Related Questions in ZEND-FRAMEWORK

Related Questions in PHP-7.4

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions