[Zope-dev] sql_quote problem?
Casey Duncan
cduncan@kaivo.com
Thu, 22 Mar 2001 07:55:51 -0700
Chris Withers wrote:
>
> Casey Duncan wrote:
> >
> > sql_quote. So the output SQL of the two respective examples you gave
> > would be:
> >
> > SELECT * from x WHERE y='value'
> >
> > SELECT * from x WHERE y=value
>
> Okay, so <dtml-var sec sql_quote> is broken? ;-)
>
> cheers,
>
> Chris

No, that behavior is intentional. dtml-var has no way of knowing the
intended type of the value like sql-var does, so it makes no
assumptions. What I think is confusing you is the name 'sql_quote'. This
refers to escaping SQL-significant characters (like ' or ;), not putting
quotes around the output. It is analogous to the html_quote and
url_quote options.

Because of this, dtml-var can be used in places that sql-var cannot. For
instance you could use it to affect different parts of the SQL other
than just the WHERE clause, such as the ORDER BY clause for example.

--
| Casey Duncan
| Kaivo, Inc.
| cduncan@kaivo.com
`------------------>
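
The distinction drawn in the message above, as an added Python example that is not part of the original post and is not Zope's code. `escape_only` and `typed_string` are hypothetical stand-ins for `<dtml-var x sql_quote>` and `<dtml-sqlvar x type=string>`, the escaping is assumed to be single-quote doubling only, and the `SORTABLE` allowlist is an assumed way to handle the ORDER BY case, where escaping alone gives no protection.

```python
# Added illustration; none of these helpers are Zope's own code.

def escape_only(value):
    """Stand-in for <dtml-var x sql_quote>: escape, but add no quotes.
    Assumption: modelled here as doubling single quotes only."""
    return str(value).replace("'", "''")


def typed_string(value):
    """Stand-in for <dtml-sqlvar x type=string>: escape AND wrap in quotes."""
    return "'" + escape_only(value) + "'"


# Hypothetical allowlist for the ORDER BY case mentioned in the message.
SORTABLE = {"name", "created"}
DIRECTIONS = {"ASC", "DESC"}


def order_by(column, direction="ASC"):
    """An identifier contains nothing for the escaper to change, so escaping
    cannot validate it; accept only known column names and directions."""
    direction = direction.upper()
    if column not in SORTABLE or direction not in DIRECTIONS:
        raise ValueError("unsupported sort: %r %r" % (column, direction))
    return "ORDER BY %s %s" % (column, direction)


def build_query(y, sort_column, direction="ASC"):
    """Typed rendering for the literal, allowlist for the identifier."""
    return "SELECT * from x WHERE y=%s %s" % (
        typed_string(y), order_by(sort_column, direction))


if __name__ == "__main__":
    sample = "O'Brien"  # constructed input
    print("WHERE y=" + typed_string(sample))  # quoted string literal
    print("WHERE y=" + escape_only(sample))   # escaped, but not a literal
    print(build_query(sample, "name", "desc"))
```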