7

所以我已经升级到 ZF 2.1.4,我收到一条通知,上面写着:Attempting to quote a value in Zend\Db\Adapter\Platform\Mysql without extension/driver support can introduce security vulnerabilities in a production environment

我的 dbadapter 是这样实例化的:

return array(
  'service_manager' => array(
    'factories' => array(
      'Zend\Db\Adapter\Adapter' => 'Zend\Db\Adapter\AdapterServiceFactory',
    )
   ),
   'db' => array(
     'driver'         => 'pdo_mysql',
     'driver_options' => array(
       PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
     ),
     'dsn'            => 'mysql:dbname=test;host=192.168.1.8',
     'username'       => 'test',
     'password'       => 'test',
   )
 );

我想引用以下内容:

$order = 'field(ce.id, ' . $this->_db->getPlatform()->quoteValueList($ids) . ')';
$select->order(new Expression($order));

我应该怎么做?我的印象是 pdo_mysql 有驱动程序支持引用值。

4

1 回答 1

2

看起来您已经通过添加找到了解决方案$this->platform->setDriver($this->getDriver());。也看看这个:

请参阅此版本随附的公告和安全说明:http: //framework.zend.com/security/advisory/ZF2013-03

发行说明: http: //framework.zend.com/blog/2013-03-14-zend-framework-3-for-1-release-day.html

于 2013-05-25T16:32:18.973 回答