[Zope] Re: sql_quote in dtml-var in zsql-Methods
Elena Schulz
elena.schulz at gmx.net
Mon Aug 11 11:44:06 EDT 2003
Hi Jim,
> poof, goodbye data!
thank you very, very much for your extensive answer. It enlighted my
understandig a lot and I think it should be made more public, may be as a
part of the Zope Book ZSQL-Section. I didn't find it that clear elsewhere
and I am shure it will prevent many others from data loss ...
My problems checking sql_quote were that I didn't use the ' ' around
'<dtml-var color sql_quote>' so there could be no effect of course.
I will take your advice of restrict myself of getting
> cute trying to build all-singing, all-dancing queries.
> The simpler the query is, the easier it is to audit, the easier it is to
maintain, and the easier it is to modify.
For SQL-Queries the philosopie "less is more" doesn't seem to be true.
-- So thanks again, Elena
More information about the Zope
mailing list