Does the Zend Framework handle automatic escaping of identifiers in update() queries as well?

When using the Zend Framework's update() method, it does not automatically escape identifiers in the query. To ensure that identifiers are properly escaped to prevent SQL injection attacks, you can use the quoteIdentifier() method to manually escape them before constructing the query.

// Example of manually escaping identifiers in an update query using Zend Framework

$table = new Zend_Db_Table('table_name');
$data = array(
    'column1' => 'value1',
    'column2' => 'value2'
);

$db = $table->getAdapter();
$escapedTableName = $db->quoteIdentifier($table->info('name'));

$where = $db->quoteInto('id = ?', $id);

$db->update($escapedTableName, $data, $where);