I try to disable quote identifiers from config, but it seems only valid for IbmDb2 platform.
$adapter = new Laminas\Db\Adapter\Adapter([
'driver' => 'Pdo_Mysql',
'database' => 'drapp',
'hostname' => '127.0.0.1',
'port' => '3306',
'username' => 'drapp',
'password' => '123456',
'platform' => 'Mysql',
'platform_options' => ['quote_identifiers' => false],
]);
eguvenc
November 6, 2020, 10:35am
3
Is it possible to add Mysql ?
No, because disabling them in MySQL leads to quite a number of SQLi vectors.
1 Like
eguvenc
November 10, 2020, 7:48am
5
Thanks for the answer.
But in our project we want to send a value to join clause, is it possible without disabling quote identifiers ?
Related question is below.
I want to send a language id value that is valid only in the joined table.
$sql = new Sql($this->adapter);
$select = $sql->select();
$select->from('users');
$select->columns([
'user_id',
]);
$select->join(['s' => 'specifications'], 'u.client_id = s.client_id AND u.user_id = s.consultant_id',
['specification_id'], $select::JOIN_LEFT);
$select->join(['sl' => 'specifications_lang'],
's.client_id =…
Not sure I fully understand the problem - if you are trying to reference a value and you don’t want it quoted, i.e. sl.lang_id = 3 and not sl.lang_id = ‘3’ then use Zend Sql Expressions
1 Like