[Zope-DB] Using <dtml-var>s in ZSQL methods?
Charlie Clark
charlie at egenix.com
Sat Jun 16 15:54:18 EDT 2007
Am 16.06.2007, 21:19 Uhr, schrieb Ken Winter <ken at sunward.org>:
> p = [9765, 10058, 11333]
> s = ', '.join([str(x) for x in p])
> "
> In either case, s ends up as the string "9765, 10058, 11333". That's
> what
> gets passed to the ZSQL method (below), and that's where the trouble
> seems
> to be.
I find this code a bit convoluted and somewhat dangerous if you are
passing data from a web form. What's wrong with repeatedly calling a
delete_person() method that just accepts a single id as a <dtml-sqlvar>?
This stuff is coming from a web form so it probably won't be a huge list
so the speed won't matter.
If not, there is no need to explicity convert your parameters in a list
comprehension:
p = ", ".join(p)
or even
p = str(p)[1:-1]
Have you declared id_list explicitly as an argument for your ZSQL method?
Keyword arguments will be ignored by ZSQL methods unless they are
explicitly declared as arguments.
Charlie
--
Charlie Clark
eGenix.com
Professional Python Services directly from the Source
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
:::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,MacOSX for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
More information about the Zope-DB
mailing list