Hi, When I do the following in a ZSQL Method: SELECT * from x WHERE y=<dtml-sqlvar sec type=string> it works fine, however, when I do: SELECT * from x WHERE y=<dtml-var sec sql_quote> I get: exceptions.AttributeError Traceback (innermost last): File /usr/zope/zope-2_3_1b3/lib/python/ZPublisher/Publish.py, line 223, in publish_module File /usr/zope/zope-2_3_1b3/lib/python/ZPublisher/Publish.py, line 179, in publish File /usr/zope/zope-2_3_1b3/lib/python/Zope/__init__.py, line 240, in abort File /usr/zope/zope-2_3_1b3/lib/python/ZODB/Transaction.py, line 179, in abort File /usr/zope/zope-2_3_1b3/lib/python/Shared/DC/ZRDB/TM.py, line 126, in abort File /usr/zope/zope-2_3_1b3/lib/python/Shared/DC/ZRDB/TM.py, line 119, in _abort AttributeError: rollback What gives? ;-) Chris
Chris Withers wrote:
Hi,
When I do the following in a ZSQL Method: SELECT * from x WHERE y=<dtml-sqlvar sec type=string>
it works fine, however, when I do: SELECT * from x WHERE y=<dtml-var sec sql_quote>
I get:
exceptions.AttributeError
Traceback (innermost last): File /usr/zope/zope-2_3_1b3/lib/python/ZPublisher/Publish.py, line 223, in publish_module File /usr/zope/zope-2_3_1b3/lib/python/ZPublisher/Publish.py, line 179, in publish File /usr/zope/zope-2_3_1b3/lib/python/Zope/__init__.py, line 240, in abort File /usr/zope/zope-2_3_1b3/lib/python/ZODB/Transaction.py, line 179, in abort File /usr/zope/zope-2_3_1b3/lib/python/Shared/DC/ZRDB/TM.py, line 126, in abort File /usr/zope/zope-2_3_1b3/lib/python/Shared/DC/ZRDB/TM.py, line 119, in _abort AttributeError: rollback
What gives? ;-)
Chris
It looks like the DA is trying to do a rollback, but tanking (perhaps a bug in the DA). Those two operations are different however. dtml-sqlvar adds quotes around the value, whereas dtml-var does not even with sql_quote. So the output SQL of the two respective examples you gave would be: SELECT * from x WHERE y='value' SELECT * from x WHERE y=value -- | Casey Duncan | Kaivo, Inc. | cduncan@kaivo.com `------------------>
Chris Withers wrote:
Casey Duncan wrote:
sql_quote. So the output SQL of the two respective examples you gave would be:
SELECT * from x WHERE y='value'
SELECT * from x WHERE y=value
Okay, so <dtml-var sec sql_quote> is broken? ;-)
cheers,
Chris
No, that behavior is intentional. dtml-var has no way of knowing the intended type of the value like sql-var does, so it makes no assumptions. What I think is confusing you is the name 'sql_quote'. This refers to escaping SQL significant characters (like ' or ;) not putting quotes around the output. It is analagous to the html_quote and url_quote options. Because of this, dtml-var can be used places that sql-var cannot. For instance you could use it to affect different parts of the SQL other than just the WHERE clause, such as the ORDER BY clause for example. -- | Casey Duncan | Kaivo, Inc. | cduncan@kaivo.com `------------------>
participants (2)
-
Casey Duncan -
Chris Withers