[Zope] Zope-killer: zSQL method that crashes Zope

Daniel Rusch drusch@globalcrossing.com
Fri, 21 Jul 2000 08:59:16 -0500 

If it matters to anyone, Andy isn't the only one with Zope killing ZSQL
Methods ....
I just spent way too much time trying to figure out why our stage enviroment
was crashing.
Turns out to be a ZSQL method which fails. Of course it wasn't wrapped in a
try/except .
Oh well, so much for standards...!

DR


Andy Gates wrote:

> Here's a thing.  Those problems I was having with some sort of Zope-killing
> page have been tracked down to a particular zSQL method.
>
> The zSQL method is duff, in that is should fail - the perils of late-night
> coding on decaf, I fear - but it should fail neatly with a Zope error, not
> crash out the Python interpreter and force some poor schmuck to restart the
> limping Zope process.  I don't know whether this is a peculiarity to my
> setup (NT4SP6, IIS4, Zope2, Access97 database) or a general problem;
> perhaps some of the developer-hatted Zopistas could take a look?
>
> The poison SQL is this:
>
>         select (<dtml-var field>, field2)
>         from tablename
>         where (field1= <dtml-sqlvar parameter1 type=string>
>                and <dtml-var field> <> '')
>
> Where two parameters are passed to the method, namely "field" and
> "parameter1".  parameter1 is fed in as a dtml-sqlvar and searches against
> the table's field1 column.  field is passed in as a dtml-var and is used to
> define which of the table's other fields is retruned.  field2 is always
> returned.
>
> What makes the SQL duff is the parentheses around the fields in the first
> part of the SELECT.  They're not required and if you remove them to produce
> the zSQL below, it works fine.
>
>         select <dtml-var field>, field2
>         from tablename
>         where (field1= <dtml-sqlvar parameter1 type=string>
>                and <dtml-var field> <> '
>
> So why does it kill Python?  I'm only vaguely concerned now that I've found
> the fault, because of course the SQL is canned and no developer could get
> their hands on it - but this experience redoubles my acceptance of the
> notion of canned SQL!
>
>         AndyG
>
> "I don't suffer from stress.  I'm just a carrier."
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )