[Zope-DB] ZSQL and update, what is the correct way to deal
with nulls?
Charlie Clark
charlie@begeistert.org
Tue, 06 May 2003 23:04:35 +0200
On 2003-05-06 at 22:35:53 [+0200], David Wilbur wrote:
>
> ah... heh, sorry, i'm a python n00b... so is what people normally do is
> when the form submits that they check all variables to see if they are ""
> before they pass them on to the zsql method and convert them to 'None'?
This has nothing to do with being a n00b (I assume this means novice) but
is plain good practice. ALWAYS check your data before passing it to the
database. One good reason is that it is otherwise very easy to manipulate
such data in ways you'd never dream of assuming that people will actually
use your form. I know, I've done it enuff myself ;-)
The database should enforce data integriy but it will not prevent user
error or abuse.
Depending on how you've set a form up, you may well not get a name/value
pair at all so you can check and inform the user if necessary. I usually
have a list of required fields against which I check against and then
decide if I don't have a value. I always do this in a PythonScript because
it's much easier than DTML. I try to have as little logic as possible in
ZSQL methods or in ZPTs which hold the forms.
ie.
reqs = ['name', 'surname', 'age']
t = {'name':'', 'surname', 'age':0] # initialise a dictionary to
# pass to a ZSQL method
for req in reqs:
if req not in request.form.keys():
print "something is missing"
# this is where you might do value checking
# this is nice way of safely filling your dictionary
for item, value in request.form.items():
t[item] = value
insert_method(t) # pass the checked values to the database
Hope that makes sense. This is untried code as I'm currently trying to
salvage my Data.fs (don't asked I did something wrong with "dd" :-( )
Charlie