[Zope] Re: sql_quote in dtml-var in zsql-Methods

Elena Schulz elena.schulz at gmx.net
Fri Aug 8 11:16:26 EDT 2003


Hi Jim,

thanks for your answer. Yes, I know about the quoting problem and what
dtml-var does. But according to my findings dtml-var plus sql_quote doesn't
do the same thing. I couldn't find that it was doing anything with the
quoting. That's why I'm asking. Also the different way dtml-var plus
fmt=sql-quote. But I will check again.

But another question: what should be done in the following construct:

select  <dtml-var myCol> from <dtml-sqlvar myTable>

Here another kind of quoting would be needed or the following could be done:
myCols = "a_table_col from a_table; delete * from a_table; select * "
That's the same problem, isn't it? What would help here? Just a double
quoting like: select "<dtml-var myCol>" from <dtml-sqlvar myTable>?

-- Elena
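
The identifier case raised in the message above, as an added example that is not part of the original post and not Zope's own code: value quoting does not protect a column or table name, so the name is checked against an allowlist and only then emitted as a double-quoted identifier. The `ALLOWED` schema and the function names are assumptions made for illustration.

```python
import re

# Assumed schema allowlist (constructed for this example): table -> permitted columns.
ALLOWED = {
    "a_table": {"a_table_col", "id"},
}

# Plain identifier: letters, digits, underscore, not starting with a digit.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def quote_ident(name):
    """Quote an SQL identifier: wrap in double quotes, double any embedded quote."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def safe_select(table, columns):
    """Build 'select <cols> from <table>' from allowlisted identifiers only."""
    if table not in ALLOWED:
        raise ValueError("table not allowed: %r" % (table,))
    cols = [c.strip() for c in columns.split(",")]
    for col in cols:
        if not _IDENT.match(col) or col not in ALLOWED[table]:
            raise ValueError("column not allowed: %r" % (col,))
    return "select %s from %s" % (
        ", ".join(quote_ident(c) for c in cols),
        quote_ident(table),
    )


def try_select(table, columns):
    """Return the statement, or None when validation rejects the input."""
    try:
        return safe_select(table, columns)
    except ValueError:
        return None


if __name__ == "__main__":
    print(try_select("a_table", "a_table_col"))
    # The string from the post is rejected instead of being pasted into the statement.
    print(try_select("a_table", "a_table_col from a_table; delete * from a_table; select * "))
    # Quoting alone keeps an embedded double quote inside the identifier.
    print(quote_ident('x" from a_table; --'))
```

Double-quoted identifiers are case-sensitive in databases such as PostgreSQL, so the allowlist entries must match the stored names exactly.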



