Oliver Bleutgen writes:

...

Shouldn't tags for creating sql-statements in ZSQL (like dtml-sqltest) quote the variables by default in order to prevent unexpected conversions by the database? Did you check, that standard SQL supports quoted names?

First, I meant double quotes (") not single one's ('), in case that wasn't clear. I know that for mysql, postgres, oracle there are column names which will surely break dtml-sqltest as it is implemented now. Either lowercase letters (oracle, as you also noted) or uppercase (the other two). I guess sql-keywords and special characters as column names - ok, not a very clever idea - will break sqltest on all of them. At least I didn't find a way to get it to work without patching zope. Searching the web I find various hints that many odbc,jdbc adapters and sql-db frontends use quoted names per default (psql). Unfortunately I don't want to pay to the ANSI-commitee for reading into the sql-standard, but I'm pretty sure every newer database supports that.

Even if it does, the proposed change will probably break lots of existing code.

Right, how about adding a argument like, let's say "sql_quote"? ;) Unfortunatly, I fear I'm have not enough knowledge in zope's internals to offer a clean patch.

I fear, in our projects, the fact that case does not matter has been widely used. We would have to change hundreds of SQL methods after the proposed change. For new projects, I would like to have it your way. However, this will be difficult to achieve.

I would like to see quoting as a standard, but you have a point. Maybe sql_quote is the way to go. cheers, oliver