[Zope] Re: sql_quote in dtml-var in zsql-Methods
Elena Schulz
elena.schulz at gmx.net
Fri Aug 8 11:16:26 EDT 2003
Hi Jim,
thanks for your answer. Yes, I know about the quoting problem and what
dtml-var does. But according to my findings dtml-var plus sql_quote doesn't
do the same thing. I couldn't find that it was doing anything with the
quoting. That's why I'm asking. Also the different way dtml-var plus
fmt=sql-quote. But I will check again.
But another question: what should be done in the following construct:
select <dtml-var myCol> from <dtml-sqlvar myTable>
Here another kind of quoting would be needed or the following could be done:
myCols = "a_table_col from a_table; delete * from a_table; select * "
That's the same problem, isn't it? What would help here? Just a double
quoting like: select "<dtml-var myCol>" from <dtml-sqlvar myTable>?
-- Elena
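
Added example, not part of the original message and not Zope's own code: one way to handle the column/table case raised above is to check every identifier against a known schema before it reaches the SQL text, and to quote it with embedded double quotes doubled rather than just wrapped. The `ALLOWED` schema and the `quote_ident` and `build_select` helpers are hypothetical names, and ANSI double-quote identifier quoting is assumed.

```python
# Hypothetical schema allowlist: table name -> column names callers may select.
ALLOWED = {
    "a_table": {"a_table_col", "id"},
}


def quote_ident(name):
    """Quote one SQL identifier in ANSI style.

    Wrapping in double quotes is not enough on its own: a double quote
    inside the name would end the identifier early, so it is doubled.
    """
    if not name or "\x00" in name:
        raise ValueError("empty identifier or NUL byte")
    return '"' + name.replace('"', '""') + '"'


def build_select(columns, table):
    """Build 'select <cols> from <table>' from caller-supplied names.

    columns is a comma-separated string, as a myCol-style variable would be.
    Anything not in ALLOWED is rejected, so text such as
    'x from t; delete ...' never becomes part of the statement.
    """
    if table not in ALLOWED:
        raise ValueError("unknown table: %r" % (table,))
    cols = [c.strip() for c in columns.split(",")]
    for col in cols:
        if col not in ALLOWED[table]:
            raise ValueError("unknown column for %s: %r" % (table, col))
    col_sql = ", ".join(quote_ident(c) for c in cols)
    return "select %s from %s" % (col_sql, quote_ident(table))


if __name__ == "__main__":
    print(build_select("a_table_col, id", "a_table"))
    # The value of myCols quoted in the message above is refused outright.
    my_cols = "a_table_col from a_table; delete * from a_table; select * "
    try:
        build_select(my_cols, "a_table")
    except ValueError as exc:
        print("rejected:", exc)
```

The string returned by `build_select` can then be passed to the ZSQL method as the already-checked column list, while data values continue to go through dtml-sqlvar.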