[Zope-DB] MS SQL and \
Matthew T. Kromer
matt@zope.com
Thu, 20 Sep 2001 15:42:27 -0400
Andy McKay wrote:
>Ok so this isnt directly Zope related, but a friendlier group of sql experts
>you wont find elsewhere :)
>
>Im trying to write into a database a python script with the line
>continuation character in it: eg:
>a = a + \
> b
>
>So surely enough I ran that through a ZSql method and its coming out as "a =
>a + b", inside the RDBMS. Sure enough \ at the end of a line needs to be
>escaped. sqlvar.py isnt escaping the \ as \\... so I fixed that but it then
>returned "a = a + \ b" (no newline)
>
>Before I start beating up ms sql server is there some obvious escaping Im
>not doing here? I really dont want to munge all the places this may occur
>since we use lots of different ways to read the data out of the database...
>
>Thanks in advance.
>--
> Andy McKay.
>
Eep!
This is a direct consequence of the data being sent into the database as
strings, not as positional parameters. I would guess that ZSql methods
can be tweaked by simple re-coding to allow you to embed a line-end
character for SQL -- but my preferred solution is to try to use bind
values instead (which Zope does not support at this time but is on my
wish-list to pull some patches and do some other work to support.)