[Zope] Re: [Zope-DB] sqlvar tag for text
Jim Penny
jpenny@universal-fasteners.com
Mon, 24 Feb 2003 17:58:42 -0500
On Mon, Feb 24, 2003 at 11:41:42PM +0100, Charlie Clark wrote:
>
> By "formatting" you mean linebreaks? These vary from platform to platform
> so it's not a good idea to rely on them anyway. Look at the following rows
> I stored without doing anything special:
>
> select * from whatever:
>
> This is "text"
> This is 'text'
> a new line\n
>
> What's missing?
>
> You definitely shouldn't use <dtml-var> because it's unsafe.
Note:
<dtml-sqlvar bah type=string>
and
'<dtml-var bah sql_quote>'
produce the same thing by the time the ZSQL engine sees it. Each is
equally safe. You must, however, never omit the sql_quote if you use
dtml-var in a ZSQL method. That is completely unsafe.
And there are times when ZSQL methods require the usage of dtml-var,
extra data munging, or an auxiliary method, most often in LIKE expressions.
As the sqlvar syntax does a better job of keeping you from shooting
yourself in the foot, it is generally to be preferred; but it does no
harm to have an extra arrow in your quiver.
Jim Penny
>
>
> _______________________________________________
> Zope-DB mailing list
> Zope-DB@zope.org
> http://mail.zope.org/mailman/listinfo/zope-db
>
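The point Jim makes (that `<dtml-sqlvar bah type=string>` and `'<dtml-var bah sql_quote>'` hand the same text to the database, that a bare `<dtml-var>` in a ZSQL method hands it nothing safe, and that LIKE clauses need extra munging on top of quoting) can be seen by modelling the three interpolation forms in plain Python. This is an added example written for this archive page, not Zope's code and not code from the thread; `sql_quote` below is modelled on the behaviour of DTML's sql_quote filter (doubling embedded single quotes), the `escape_like` helper and the table/column names are constructed for illustration, and the `ESCAPE '\'` clause is assumed to be supported by the backend.

```python
"""Model of how a ZSQL method builds a WHERE clause from a request value.

Constructed illustration (not Zope's code). Each function mirrors one of the
DTML forms discussed in the mail:
  - <dtml-var bah>                 no quoting at all (unsafe)
  - '<dtml-var bah sql_quote>'     author supplies the quotes, filter escapes
  - <dtml-sqlvar bah type=string>  tag supplies both quotes and escaping
plus the LIKE case, where quoting alone does not make the user string literal.
"""


def sql_quote(text: str) -> str:
    """Double embedded single quotes, as DTML's sql_quote filter does."""
    return text.replace("'", "''")


def where_unsafe(value: str) -> str:
    """<dtml-var bah> with no sql_quote: the value lands in the SQL verbatim.

    A single apostrophe in the value is enough to unbalance the quoting, which
    is why the mail calls this form completely unsafe."""
    return "SELECT * FROM whatever WHERE name = '%s'" % value


def where_dtml_var_quoted(value: str) -> str:
    """'<dtml-var bah sql_quote>': author writes the quotes, filter escapes."""
    return "SELECT * FROM whatever WHERE name = '%s'" % sql_quote(value)


def where_sqlvar(value: str) -> str:
    """<dtml-sqlvar bah type=string>: the tag adds quotes and escaping itself.

    The rendered SQL is identical to where_dtml_var_quoted(); the difference is
    that the author cannot forget the quotes or the filter."""
    return "SELECT * FROM whatever WHERE name = %s" % ("'" + sql_quote(value) + "'")


def escape_like(fragment: str, escape: str = "\\") -> str:
    """Extra munging for LIKE: neutralise the pattern characters % and _ (and
    the escape character itself) so the user's text is matched literally.
    sqlvar/sql_quote do not do this, which is the case the mail refers to."""
    return (fragment
            .replace(escape, escape + escape)
            .replace("%", escape + "%")
            .replace("_", escape + "_"))


def where_like(prefix: str) -> str:
    """Prefix search: the wildcard is added by the method, not by the user,
    and the user string still goes through sql_quote after LIKE escaping."""
    literal = sql_quote(escape_like(prefix))
    return ("SELECT * FROM whatever WHERE name LIKE '%s%%' ESCAPE '\\'"
            % literal)


def quotes_balanced(sql: str) -> bool:
    """Cheap sanity check on rendered SQL: an odd number of single quotes
    means a literal was opened but never closed."""
    return sql.count("'") % 2 == 0


if __name__ == "__main__":
    # Constructed input: a perfectly ordinary value containing an apostrophe.
    value = "O'Brien"
    for name, fn in (("unsafe", where_unsafe),
                     ("dtml-var sql_quote", where_dtml_var_quoted),
                     ("sqlvar", where_sqlvar)):
        sql = fn(value)
        print("%-20s balanced=%-5s %s" % (name, quotes_balanced(sql), sql))
    print(where_like("100%_cotton"))
```

Running the block shows the two quoted forms rendering the same statement and the bare form producing an unterminated literal from nothing more than a surname; the LIKE line shows why a prefix search needs `escape_like` in addition to the quoting that sqlvar provides.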