I'm new to PHP and I recently started learning Zend Framework. What DAL are you using? Do you think that Zend_Db_* can do the magic? I need it mainly for MySql db. Does it have any limitations and can I use it in big project without any problems because I don't want to go the wrong way.
10x
I generally keep it simple and just use mysqli. I keep queries safe by checking inputs consist only of lowercase letters/are in an array of whitelisted parameters where I need to construct them.
We used Doctrine on two projects last year with MySql. I think it's about as good as a O/R mapper can get on PHP. DQL is actually quite well thought out, and you rarely (if ever) need to touch the DB.
While the two projects were not "big," they did sustain high-traffic bursts for weeks at a time, including lots of DB access. Doctrine was never a problem.
Compared to ZendDB, Doctrine -- being a standalone project -- gets much better attention, its own Blog and training courses, etc. With Zend, it always feels like a subproject.
Zend_Db works perfectly. If you still want to you can send direct SQL to the database in case you have problems.
Zend_Db is built on top of PDO, so it's pretty secure in terms of parameter injection (considering they use it themselves), however, you can take a look at the source code if you don't trust them (the joys of open source!)
I use Zend_Db. It works on top of PDO. I sometimes use it with some of the other frameworks, CI, Kohana, etc.