Chris Withers wrote:
Casey Duncan wrote:
sql_quote. So the output SQL of the two respective examples you gave would be:
SELECT * from x WHERE y='value'
SELECT * from x WHERE y=value
Okay, so <dtml-var sec sql_quote> is broken? ;-)
cheers,
Chris
No, that behavior is intentional. dtml-var has no way of knowing the intended type of the value like sql-var does, so it makes no assumptions. What I think is confusing you is the name 'sql_quote'. This refers to escaping SQL significant characters (like ' or ;) not putting quotes around the output. It is analagous to the html_quote and url_quote options. Because of this, dtml-var can be used places that sql-var cannot. For instance you could use it to affect different parts of the SQL other than just the WHERE clause, such as the ORDER BY clause for example. -- | Casey Duncan | Kaivo, Inc. | cduncan@kaivo.com `------------------>