BTW, this is fixed recent builds (like 2.3.1) -Randy
-----Original Message----- From: Casey Duncan [mailto:cduncan@kaivo.com] Sent: Tuesday, May 01, 2001 2:53 PM To: Brian Withun Cc: Zope mailing list Subject: Re: [Zope] Zope Data Access Flaw?
Brian Withun wrote:
I am using 2.1.4 (linux), and have stumbled across this
little quirk...
Create a ZSQL Method as follows:
================ SELECT <dtml-var "_.whrandom.randint(1000,9999)"> AS random_value ================
(Our ZSQL Method is connected to Sybase, but this works on
MySQL as well)
Then, simply test the ZSQL Method.
Here's what I get:
Random value ---------------- 2754
SQL used: select 7684 as random_value
2754 is clearly not the same as 7684.
This is quite repeatable, with different random numbers each time. This works as expected if I replace the whrandom call with
a constant,
but I can't imagine how whrandom can be the culprit.
Brián Withun
This is happening because Zope replays the method when it displays the SQL after testing it. So, randint is being called twice. Once to send the SQL code to the database and once more to display it on the screen.
-- | Casey Duncan | Kaivo, Inc. | cduncan@kaivo.com `------------------>
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )