[Zope] INSERT/UPDATE in SQL methods
Phillip J. Eby
pje@telecommunity.com
Tue, 17 Aug 1999 07:19:35 -0500
At 12:08 PM 8/17/99 +0200, Martijn Pieters wrote:
>At 04:38 17/08/99 , Evan Simpson wrote:
>>UPDATE "addressbook" SET "email" = '<!--#var email sql_quote-->' WHERE
>>"name" =
>><!--#sqlvar name type=string-->
>
>Wow, don't confuse poor Bradford, who has been hassled enough I am sure,
>with erroneous code as well!
>
>Above line should read:
>
>UPDATE addressbook SET email = <!--#var email sql_quote--> WHERE name =
><!--#sqlvar name=name type=string-->
>
>because sql_quote will add the quotes for you, you don't have to do this
>yourself, and 'name' is not only the name of the variable you want to
>insert, but also the name of an attribute of the sqlvar tag.

I'm afraid you're BOTH wrong. It's:

UPDATE addressbook
SET email = '<!--#var email sql_quote-->'
WHERE name = <!--#sqlvar name=name type=string-->

or:

UPDATE addressbook
SET email = '<!--#var email sql_quote-->'
WHERE name = '<!--#var name sql_quote-->'

'sql_quote' doesn't add quotes; it only escapes embedded quotes.
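
Added example, not part of the original message and not Zope's own code: a small Python model of the behaviour described above, assuming sql_quote escapes by doubling embedded single quotes and sqlvar type=string escapes and also adds the surrounding quotes. The helper names, the sample name and e-mail, and the use of an in-memory SQLite table are assumptions made for illustration.

```python
import sqlite3

def sql_quote(value):
    # Model of sql_quote as described above: escape embedded quotes only.
    return str(value).replace("'", "''")

def sqlvar_string(value):
    # Model of sqlvar type=string: escape AND add the surrounding quotes.
    return "'" + sql_quote(value) + "'"

# The three ways of writing the statement that the thread compares.
TEMPLATES = {
    "bare_sql_quote": "UPDATE addressbook SET email = {e} WHERE name = {n_var}",
    "quoted_sql_quote": "UPDATE addressbook SET email = '{e}' WHERE name = {n_var}",
    "both_sql_quote": "UPDATE addressbook SET email = '{e}' WHERE name = '{n}'",
}

def render(variant, name, email):
    return TEMPLATES[variant].format(
        e=sql_quote(email), n=sql_quote(name), n_var=sqlvar_string(name))

def try_update(variant, name, email):
    """Run the rendered statement on a throwaway table.

    Returns the stored e-mail, or None if the database rejected the SQL."""
    db = sqlite3.connect(":memory:")
    try:
        db.execute("CREATE TABLE addressbook (name TEXT, email TEXT)")
        db.execute("INSERT INTO addressbook VALUES (?, ?)",
                   (name, "old@example.com"))
        try:
            db.execute(render(variant, name, email))
        except sqlite3.Error:
            return None  # value landed outside a string literal
        row = db.execute("SELECT email FROM addressbook WHERE name = ?",
                         (name,)).fetchone()
        return row[0]
    finally:
        db.close()

# Constructed sample values containing an embedded quote.
NAME, EMAIL = "Pat O'Neil", "pat.o'neil@example.com"

if __name__ == "__main__":
    for variant in TEMPLATES:
        print(variant, "->", render(variant, NAME, EMAIL))
        print("   stored:", try_update(variant, NAME, EMAIL))
```
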