[Zope-DB] Dynamically generate sql-query in ZSQL Method
Peter Sabaini
peter at sabaini.at
Tue Apr 6 19:35:49 EDT 2004
Ian Bicking wrote:
> On Apr 6, 2004, at 3:23 PM, Jim Penny wrote:
>
>> Ian has told you how to do it. Now, I will tell you, don't do it.
>
>
> I would disagree with you -- not for some principled reason, but for a
> very practical reason: Z SQL Methods suck. A lot. A huge, huge
> amount. They are horrible. Generating your own SQL inline sucks. A
> lot. It is horrible. *Sometimes* the inline method is less horrible.
> These are the unfortunate choices foisted upon us by the environment.
>
> (Actually, it's Z SQL plus the ZMI plus DTML that is the real poison,
> IMHO -- they all work together to make things extra unpleasant)
Out of curiosity -- what is so horrible about ZSQL Methods? I use them
quite extensively (though mostly to talk to stored procedures) and may
have some nits but dont find them _that_ horrible...
> Note also that well designed SQL generation in Python isn't horrible. A
> Python script like:
>
> ## select_all
> ## parameters: table_name
> # re isn't available in the default Zope installation; I'd actually usually
> # do this with an extension method...
> import re
> assert re.search(r'^[a-zA-Z_][a-zA-Z0-9_]*$', table_name), "Invalid
> table name: %s" % table_name
> return container.raw_sql(sql='SELECT * FROM %s' % table_name)
>
>
> That isn't so bad. In fact, I would assert it is much better than the Z
> SQL analog.
Personally, I'd rather encapsulate this in a stored procedure, or, if
this isn't possible, in a Python class if I really _had_ to dynamically
determine a table name.
- peter.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3216 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.zope.org/pipermail/zope-db/attachments/20040407/eeac11eb/smime.bin
More information about the Zope-DB
mailing list