[Zope-DB] ZSQL and update, what is the correct way to deal with nulls?

David Wilbur wildboar@cybermesa.com
Tue, 06 May 2003 15:44:27 -0600 

Charlie Clark wrote:

>On 2003-05-06 at 22:35:53 [+0200], David Wilbur wrote:
>  
>
>>ah... heh, sorry, i'm a python n00b... so is what people normally do is 
>>when the form submits that they check all variables to see if they are "" 
>>before they pass them on to the zsql method and convert them to 'None'?
>>    
>>
>
>This has nothing to do with being a n00b (I assume this means novice) but 
>is plain good practice. ALWAYS check your data before passing it to the 
>database. One good reason is that it is otherwise very easy to manipulate 
>such data in ways you'd never dream of assuming that people will actually 
>use your form. I know, I've done it enuff myself ;-)
>
correct, n00b = novice

i totally agree with what your saying here, being that as far as 
database apps i am not a novice.  it's amazing what some people type in 
fields =).  

>The database should enforce data integriy but it will not prevent user 
>error or abuse.
>
>Depending on how you've set a form up, you may well not get a name/value 
>pair at all so you can check and inform the user if necessary. I usually 
>have a list of required fields against which I check against and then 
>decide if I don't have a value. I always do this in a PythonScript because 
>it's much easier than DTML. I try to have as little logic as possible in 
>ZSQL methods or in ZPTs which hold the forms.
>
>ie.
>
>reqs = ['name', 'surname', 'age']
>t = {'name':'', 'surname', 'age':0] # initialise a dictionary to 
>									# pass to a ZSQL method
>
>for req in reqs:
>	if req not in request.form.keys():
>		print "something is missing"
>
># this is where you might do value checking	
>
># this is nice way of safely filling your dictionary
>for item, value in request.form.items():
>	t[item] = value
>
>insert_method(t) # pass the checked values to the database
>
>Hope that makes sense. This is untried code as I'm currently trying to 
>salvage my Data.fs (don't asked I did something wrong with "dd" :-( )
>  
>

thanks, and yes, the above makes sense.

in part i was getting frustrated with what i was coming up with as a 
solution and was turning to this list to see if i could get some better 
solutions that could help me move on.  thanks to all for helping out, 
this will definitly get me moving again.

dave