
Prevent SQL injection in ZF

Developer https://www.devze.com 2023-01-21 15:50 Source: Internet
I use the following code:

$this->getDb()->fetchRow($sql, $params);

Is it free from SQL injection? Please guide me. How can I make it free from SQL injection?


1. Use the Zend_Db class for escaping.

2. Use the validators of Zend_Form to filter the input values.

3. Use prepared statements internally as much as possible, like:

// Build this query:
//    SELECT product_id, product_name, price
//    FROM "products"
//   WHERE (price < 100 OR price > 500)
//  AND (product_name = 'Apple')
// $db is a Zend_Db_Adapter instance (e.g. from Zend_Db::factory()).
$minimumPrice = 100;
$maximumPrice = 500;
$prod = 'Apple';
$select = $db->select()
   ->from('products',
          array('product_id', 'product_name', 'price'))
   // Bind the prices with placeholders instead of interpolating them into
   // the string; interpolation is only safe while the values are constants.
   // quoteInto() is used so that the OR stays grouped in one parenthesis.
   ->where($db->quoteInto('price < ?', $minimumPrice) . ' OR '
         . $db->quoteInto('price > ?', $maximumPrice))
   ->where('product_name = ?', $prod);

Read more at this link:

http://static.zend.com/topics/Webinar-Zend-Secure-Application-Development-with-the-Zend-Framework.pdf
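To make the answer's point concrete, here is an added example (not from the original answer) contrasting string interpolation with parameter binding in fetchRow(); it assumes a Zend Framework 1 Pdo_Mysql adapter, placeholder credentials, and a hypothetical "products" table with product_id, product_name and price columns.

```php
<?php
// Added example, not from the original answer. Assumes Zend Framework 1
// (Zend_Db) and a hypothetical "products" table (product_id, product_name, price).
require_once 'Zend/Db.php';

$db = Zend_Db::factory('Pdo_Mysql', array(
    'host'     => '127.0.0.1',
    'username' => 'app',        // placeholder credentials
    'password' => 'secret',
    'dbname'   => 'shop',
));

// Untrusted input, e.g. $_GET['name']. A perfectly legitimate value that
// happens to contain a single quote.
$name = "Granny's Apple";

// UNSAFE: the value is pasted into the SQL text, so the quote inside $name
// ends the string literal early and the database sees the rest of the value
// as SQL. $params is not even consulted. Data and code are mixed.
$unsafe = "SELECT product_id, price FROM products WHERE product_name = '$name'";
// $db->fetchRow($unsafe);   // syntax error here; hostile input could do worse

// SAFE (positional placeholder): the value travels separately from the SQL
// text and can only ever be compared as data.
$sql = 'SELECT product_id, price FROM products WHERE product_name = ?';
$row = $db->fetchRow($sql, array($name));

// SAFE (named placeholders), binding a number as well.
$sql = 'SELECT product_id, price FROM products '
     . 'WHERE product_name = :name AND price < :max';
$row = $db->fetchRow($sql, array('name' => $name, 'max' => 500));

// SAFE with Zend_Db_Select: every where() value is quoted by the adapter,
// and fetchRow() accepts the select object directly.
$select = $db->select()
    ->from('products', array('product_id', 'price'))
    ->where('product_name = ?', $name)
    ->where('price < ?', 500);
$row = $db->fetchRow($select);

// quoteInto() shows what the adapter does with the quote: on MySQL this
// prints  product_name = 'Granny\'s Apple'
echo $db->quoteInto('product_name = ?', $name), "\n";
```

The rule behind all three safe forms is the same: the SQL text never contains user data, only placeholders, so the answer to the question is "yes, fetchRow($sql, $params) is safe as long as $sql is a fixed string and every user-supplied value is passed through $params".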
