[Zope] Re: sql_quote in dtml-var in zsql-Methods

Elena Schulz elena.schulz at gmx.net
Mon Aug 11 11:44:06 EDT 2003


Hi Jim,

> poof, goodbye data!
thank you very, very much for your extensive answer. It enlighted my
understandig a lot and I think it should be made more public, may be as a
part of the Zope Book ZSQL-Section. I didn't find it that clear elsewhere
and I am shure it will prevent many others from data loss ...

My problems checking sql_quote were that I didn't use the '  ' around
'<dtml-var color sql_quote>' so there could be no effect of course.

I will take your advice of restrict myself of getting
> cute trying to build all-singing, all-dancing queries.
> The simpler the query is, the easier it is to audit, the easier it is to
maintain, and the easier it is to modify.

For  SQL-Queries the philosopie "less is more" doesn't seem to be true.

-- So thanks again, Elena








More information about the Zope mailing list