[Zope] Zope-killer: zSQL method that crashes Zope

Chris McDonough chrism@digicool.com
Fri, 21 Jul 2000 10:19:16 -0400


If you haven't added your problems to the Collector on Zope.org, it
would be very good to do so... it doesn't seem that anybody from the
community is coming up with a fix and a lot of folks from DC out at the
O'Reilly open source convention... putting this in the Collector ensures
that it'll get addressed.

> -----Original Message-----
> From: Daniel Rusch [mailto:drusch@globalcrossing.com]
> Sent: Friday, July 21, 2000 9:59 AM
> To: Andy Gates
> Cc: zope@zope.org; andy.gates@bristol.ac.uk; ian.sealy@bristol.ac.uk;
> jan.grant@bristol.ac.uk; paul.browning@bristol.ac.uk
> Subject: Re: [Zope] Zope-killer: zSQL method that crashes Zope
> 
> 
> If it matters to anyone, Andy isn't the only one with Zope 
> killing ZSQL
> Methods ....
> I just spent way too much time trying to figure out why our 
> stage enviroment
> was crashing.
> Turns out to be a ZSQL method which fails. Of course it 
> wasn't wrapped in a
> try/except .
> Oh well, so much for standards...!
> 
> DR
> 
> 
> Andy Gates wrote:
> 
> > Here's a thing.  Those problems I was having with some sort 
> of Zope-killing
> > page have been tracked down to a particular zSQL method.
> >
> > The zSQL method is duff, in that is should fail - the 
> perils of late-night
> > coding on decaf, I fear - but it should fail neatly with a 
> Zope error, not
> > crash out the Python interpreter and force some poor 
> schmuck to restart the
> > limping Zope process.  I don't know whether this is a 
> peculiarity to my
> > setup (NT4SP6, IIS4, Zope2, Access97 database) or a general problem;
> > perhaps some of the developer-hatted Zopistas could take a look?
> >
> > The poison SQL is this:
> >
> >         select (<dtml-var field>, field2)
> >         from tablename
> >         where (field1= <dtml-sqlvar parameter1 type=string>
> >                and <dtml-var field> <> '')
> >
> > Where two parameters are passed to the method, namely "field" and
> > "parameter1".  parameter1 is fed in as a dtml-sqlvar and 
> searches against
> > the table's field1 column.  field is passed in as a 
> dtml-var and is used to
> > define which of the table's other fields is retruned.  
> field2 is always
> > returned.
> >
> > What makes the SQL duff is the parentheses around the 
> fields in the first
> > part of the SELECT.  They're not required and if you remove 
> them to produce
> > the zSQL below, it works fine.
> >
> >         select <dtml-var field>, field2
> >         from tablename
> >         where (field1= <dtml-sqlvar parameter1 type=string>
> >                and <dtml-var field> <> '
> >
> > So why does it kill Python?  I'm only vaguely concerned now 
> that I've found
> > the fault, because of course the SQL is canned and no 
> developer could get
> > their hands on it - but this experience redoubles my 
> acceptance of the
> > notion of canned SQL!
> >
> >         AndyG
> >
> > "I don't suffer from stress.  I'm just a carrier."
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>