[Zope-DB] Optional "Order By" clause
Philip Kilner
phil at xfr.co.uk
Thu Jul 15 11:06:16 EDT 2004
Hi Jim,
Jim Penny wrote:
> <dtml-if OrderBy>
> <dtml-var OrderBy sql_quote>
> </dtml-if>
>
Let me see if I have a clue about this: -
- <dtml-if> makes it conditional on the variable being supplied?
- OrderBy is my SQL fragment, e.g. "ORDER BY CandidateRef ASC"?
- sql_quote is a DTML construct?
I've not come across sql_quote - can you point me to any docs?
> Note: I am not sure that this is 100% sql-injection safe. However,
> sql_quote should give you quite a bit of protection.
>
This will be run at low privileges, so that is not a huge concern...this
time (meaning once I figure out how to fly it, I have other uses for it!)
--
Regards,
PhilK
Email: phil at xfr.co.uk / Voicemail & Facsimile: 07092 070518
"The lyf so short, the craft so long to learne" - Chaucer
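Added example (not part of the original message, and not Zope's own code): string-literal escaping does not constrain an SQL fragment such as an ORDER BY clause, so this sketch builds the optional clause from an allowlist instead. quote_doubling is a simplified stand-in assumed to model quote escaping; both function names and the column names other than CandidateRef are hypothetical.

```python
import re

# Assumption: columns this query may be sorted by. Only CandidateRef comes
# from the message above; the other names are hypothetical.
ALLOWED_COLUMNS = {"CandidateRef", "Surname", "DateAdded"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}

# One sort term: an identifier, optionally followed by a direction word.
_TERM = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)(?:\s+([A-Za-z]+))?\s*$")
_PREFIX = re.compile(r"^\s*ORDER\s+BY\s+", re.IGNORECASE)


def quote_doubling(value):
    """Simplified stand-in for string-literal escaping (assumed behaviour):
    double every single quote and change nothing else."""
    return value.replace("'", "''")


def build_order_by(spec):
    """Return a validated ORDER BY clause, or '' when no ordering is given.

    Accepts e.g. "ORDER BY CandidateRef ASC" or "CandidateRef, Surname desc".
    Raises ValueError for any term outside the allowlists.
    """
    if spec is None or not spec.strip():
        return ""  # optional clause: nothing supplied, nothing emitted
    terms = []
    for raw in _PREFIX.sub("", spec).split(","):
        match = _TERM.match(raw)
        if match is None:
            raise ValueError("malformed sort term: %r" % raw)
        column = match.group(1)
        direction = (match.group(2) or "ASC").upper()
        if column not in ALLOWED_COLUMNS:
            raise ValueError("column not allowed: %r" % column)
        if direction not in ALLOWED_DIRECTIONS:
            raise ValueError("direction not allowed: %r" % direction)
        terms.append("%s %s" % (column, direction))
    return "ORDER BY " + ", ".join(terms)


if __name__ == "__main__":
    sample = "CandidateRef ASC; SELECT 1"  # constructed input
    print(quote_doubling(sample) == sample)  # escaping leaves it untouched
    print(build_order_by("ORDER BY CandidateRef ASC"))
```

The returned string contains only allowlisted identifiers and keywords, so it can be placed in the query text directly, while values in the WHERE clause still go through the usual quoting.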