[Zope] safe sql queries

Graham Chiu anon_emouse@hotmail.com
Wed, 14 Jul 1999 09:04:29 +1200


In article <B059671903C6D211A0D500C0F0301C79139BC2@kubrick.mop.no>,
Alexander Staubo <alex@mop.no> writes
>This should work (untested):
>
><!--#sqlvar "'%' + _.string.upper(_['sequence-item']) + '%'"
>type=string-->

Thanks for the quick reply.  I will try this out, but in the meantime it
just occurred to me that changing the query to

description containing <!--#sqlvar sequence-item type=string-->

should do what I require.


-------
Regards,        Graham Chiu
gchiu<at>compkarori.co.nz