If you’re running an old version of Zend Server on the IBM i make sure you look at this article from Zend Support:
Basically you need to rename
/usr/local/zendsvr/lib/libdb400.a to /usr/local/zendsvr/lib/libdb400.a.bak
To do this Rod Flohr suggest you open a PASE shell and issue a mv command to rename the file.
mv /usr/local/zendsvr/lib/libdb400.a /usr/local/zendsvr/lib/libdb400.a.bak
If you pass in user supplied parameters to db2_connect function a person could log in as someone else with greater authorities possibly and go into pages or access data they aren’t authorized to use.