[Zope-DB] ZSQL and update, what is the correct way to deal with
nulls?
David Wilbur
wildboar@cybermesa.com
Tue, 06 May 2003 15:44:27 -0600
Charlie Clark wrote:
>On 2003-05-06 at 22:35:53 [+0200], David Wilbur wrote:
>
>
>>ah... heh, sorry, i'm a python n00b... so is what people normally do is
>>when the form submits that they check all variables to see if they are ""
>>before they pass them on to the zsql method and convert them to 'None'?
>>
>>
>
>This has nothing to do with being a n00b (I assume this means novice) but
>is plain good practice. ALWAYS check your data before passing it to the
>database. One good reason is that it is otherwise very easy to manipulate
>such data in ways you'd never dream of assuming that people will actually
>use your form. I know, I've done it enuff myself ;-)
>
correct, n00b = novice
i totally agree with what your saying here, being that as far as
database apps i am not a novice. it's amazing what some people type in
fields =).
>The database should enforce data integriy but it will not prevent user
>error or abuse.
>
>Depending on how you've set a form up, you may well not get a name/value
>pair at all so you can check and inform the user if necessary. I usually
>have a list of required fields against which I check against and then
>decide if I don't have a value. I always do this in a PythonScript because
>it's much easier than DTML. I try to have as little logic as possible in
>ZSQL methods or in ZPTs which hold the forms.
>
>ie.
>
>reqs = ['name', 'surname', 'age']
>t = {'name':'', 'surname', 'age':0] # initialise a dictionary to
> # pass to a ZSQL method
>
>for req in reqs:
> if req not in request.form.keys():
> print "something is missing"
>
># this is where you might do value checking
>
># this is nice way of safely filling your dictionary
>for item, value in request.form.items():
> t[item] = value
>
>insert_method(t) # pass the checked values to the database
>
>Hope that makes sense. This is untried code as I'm currently trying to
>salvage my Data.fs (don't asked I did something wrong with "dd" :-( )
>
>
thanks, and yes, the above makes sense.
in part i was getting frustrated with what i was coming up with as a
solution and was turning to this list to see if i could get some better
solutions that could help me move on. thanks to all for helping out,
this will definitly get me moving again.
dave