mob*_*ius 7 php zend-framework2
所以我已升级到ZF 2.1.4,我收到了一条通知说: Attempting to quote a value in Zend\Db\Adapter\Platform\Mysql without extension/driver support can introduce security vulnerabilities in a production environment
我的dbadapter是如此实例化的:
return array(
'service_manager' => array(
'factories' => array(
'Zend\Db\Adapter\Adapter' => 'Zend\Db\Adapter\AdapterServiceFactory',
)
),
'db' => array(
'driver' => 'pdo_mysql',
'driver_options' => array(
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
),
'dsn' => 'mysql:dbname=test;host=192.168.1.8',
'username' => 'test',
'password' => 'test',
)
);
我想引用的是以下内容:
$order = 'field(ce.id, ' . $this->_db->getPlatform()->quoteValueList($ids) . ')';
$select->order(new Expression($order));
我该怎么办呢?我的印象是pdo_mysql有引用值的驱动程序支持.
看起来您已经通过添加找到了解决方案$this->platform->setDriver($this->getDriver());。另请看一下这个:
请参阅此版本附带的公告和安全说明:http://framework.zend.com/security/advisory/ZF2013-03
发行说明:http://framework.zend.com/blog/2013-03-14-zend-framework-3-for-1-release-day.html
| 归档时间: |
|
| 查看次数: |
3404 次 |
| 最近记录: |