[Zope] safe sql queries

Alexander Staubo alex@mop.no
Tue, 13 Jul 1999 23:22:46 +0200


Not having the SQL92 spec at hand, I can only guess that this syntax is
a proprietary extension to SQL, much like SQL Server 7.0's contains()
predicate*. Whatever suits your application, really, but if you're
thinking about portability, "like" is the way to go.

[*] a rather useful construct for fuzzy full-text searching. It supports
boolean expressions, wildcards, ranking, prefixing, proximity searching
(e.g., "near"), weighted keywords, word variants (e.g., plurals), etc.

--
Alexander Staubo             http://www.mop.no/~alex/
"He could open a tin of sardines with his teeth, strike a Swan Vestas
on his chin, rope steers, drive a steam locomotive and hum all the
works of Gilbert and Sullivan without becoming confused or breaking
down in tears."
--Robert Rankin, _The Book of Ultimate Truths_

>-----Original Message-----
>From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
>Graham Chiu
>Sent: 13. juli 1999 23:12
>To: zope@zope.org
>Subject: Re: [Zope] safe sql queries
>
>
>In article <B059671903C6D211A0D500C0F0301C79139BC2@kubrick.mop.no>,
>Alexander Staubo <alex@mop.no> writes
>>This should work (untested):
>>
>><!--#sqlvar "'%' + _.string.upper(_['sequence-item']) + '%'"
>>type=string-->
>
>Thanks for the quick reply.  I will try this out, but in the
>meantime it
>just occurred to me that changing the query to
>
>description containing <!--#sqlvar sequence-item type=string-->
>
>should do what I require.
>
>
>-------
>Regards,        Graham Chiu
>gchiu<at>compkarori.co.nz
>
>
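Added example, not part of the original thread: the portable `like` search discussed above, with the keyword passed as a bound value. Python's `sqlite3` parameter binding stands in for `sqlvar` quoting here, and the `items` table, the sample rows and the helper names are assumptions. It also shows that quoting alone leaves `%` and `_` inside the keyword acting as wildcards unless they are escaped with the standard `ESCAPE` clause.

```python
import sqlite3

# Constructed sample rows; the table name and contents are assumptions.
ROWS = [
    (1, "Discount of 100% on all items"),
    (2, "Batch 1000 shipped"),
    (3, "O'Reilly book on Zope"),
    (4, "file_name conventions"),
    (5, "file-name extension list"),
]

def make_db():
    """In-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, description TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", ROWS)
    return conn

def like_pattern(keyword, escape="\\"):
    """Upper-case the keyword, escape LIKE metacharacters, wrap in %...%."""
    out = keyword.upper()
    # Escape the escape character first so it is not escaped twice.
    for ch in (escape, "%", "_"):
        out = out.replace(ch, escape + ch)
    return "%" + out + "%"

def search(conn, keyword):
    """Substring search: value is bound, wildcards in it are literal."""
    sql = ("SELECT id FROM items "
           "WHERE upper(description) LIKE ? ESCAPE '\\' ORDER BY id")
    return [row[0] for row in conn.execute(sql, (like_pattern(keyword),))]

def naive_search(conn, keyword):
    """Value is bound (no injection), but % and _ still act as wildcards."""
    sql = "SELECT id FROM items WHERE upper(description) LIKE ? ORDER BY id"
    pattern = "%" + keyword.upper() + "%"
    return [row[0] for row in conn.execute(sql, (pattern,))]

if __name__ == "__main__":
    db = make_db()
    for kw in ("100%", "file_name", "o'reilly", "' OR '1'='1"):
        print(repr(kw), "escaped:", search(db, kw), "naive:", naive_search(db, kw))
```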