[Zope3-checkins] CVS: Products3/sqlexpr - README.txt:1.2 sqlexpr.py:1.2

Stephan Richter srichter@cosmos.phy.tufts.edu
Wed, 11 Jun 2003 10:24:40 -0400


Update of /cvs-repository/Products3/sqlexpr
In directory cvs.zope.org:/tmp/cvs-serv28936

Modified Files:
	README.txt sqlexpr.py 
Log Message:
- Added some sql_quoting for strings

- Added another example.


=== Products3/sqlexpr/README.txt 1.1 => 1.2 ===
--- Products3/sqlexpr/README.txt:1.1	Wed Jun 11 00:14:58 2003
+++ Products3/sqlexpr/README.txt	Wed Jun 11 10:24:39 2003
@@ -12,7 +12,7 @@
   connection by setting the variable 'sql_conn'. From then on this connection
   is used to execute the SQL statements::
 
-    <html tal:define="sql_conn string:psycopg_test_reg">
+    <html tal:define="sql_conn string:psycopg_test">
       <body>
          <ul>
             <li tal:repeat="contact sql: SELECT * FROM contact">
@@ -26,7 +26,7 @@
   details at all, then you can simply specify the connection type and the DSN
   and the connection is created for you at runtime::
 
-    <html tal:define="rdb string:psycopgda; dsn string:dbi://test">
+    <html tal:define="rdb string:PsycopgDA; dsn string:dbi://test">
       <body>
          <ul>
             <li tal:repeat="contact sql: SELECT * FROM contact">
@@ -35,3 +35,16 @@
          </ul>
       </body>
     </html>
+
+  Example 3 - throwing in some variables to make it interesting::
+
+    <html tal:define="rdb string:PsycopgDA; dsn string:dbi://test">
+      <body>
+         <ul tal:define="name string:Stephan; table string:contact">
+            <li tal:repeat="
+                contact sql: SELECT * FROM ${table} WHERE name = '${name}'">
+              <b tal:content="contact/name" />
+            </li>
+         </ul>
+      </body>
+    </html>
\ No newline at end of file
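Review bot: Example 3 puts `${table}` in identifier position, outside any quotes, and the quoting added in sqlexpr.py in this same commit only doubles single quotes, so it does nothing to constrain a value used as a table name. The example works only because `table` is a constant defined in the template. The README should say that variables are escaped for use inside single-quoted string literals only, that the template author must write the surrounding quotes (as in `'${name}'`), and that identifiers such as table names must not come from request data. Separately, the file still ends without a trailing newline.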


=== Products3/sqlexpr/sqlexpr.py 1.1 => 1.2 ===
--- Products3/sqlexpr/sqlexpr.py:1.1	Wed Jun 11 00:14:58 2003
+++ Products3/sqlexpr/sqlexpr.py	Wed Jun 11 10:24:39 2003
@@ -61,6 +61,8 @@
         vvals = []
         for var in self._vars:
             v = var(econtext)
+            if isinstance(v, (str, unicode)):
+                v = sql_quote(v)
             vvals.append(v)
 
         if econtext.vars.has_key('sql_conn'):
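Review bot: the `isinstance(v, (str, unicode))` branch quotes every string value regardless of where its placeholder sits in the statement, and any non-string value is appended to `vvals` unchanged, so safety depends on the template author placing each variable inside single quotes. If the values are then substituted into the statement text, consider passing them to the database connection as bound parameters and keeping only the statement skeleton in the expression. Failing that, a comment here should state the assumption that every string variable appears inside a quoted literal.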
@@ -85,3 +87,9 @@
 
     def __repr__(self):
         return '<SQLExpr %s>' % `self._s`
+
+
+def sql_quote(value):
+    if value.find("\'") >= 0:
+        value = "''".join(value.split("\'"))
+    return "%s" %value
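Review bot: `sql_quote` escapes only the single quote. Backslashes pass through untouched, and the README examples target PostgreSQL through PsycopgDA, where a backslash inside a string literal can act as an escape character depending on server settings, so a value ending in a backslash may swallow the closing quote. Escaping backslashes as well, or better, using the adapter's own quoting or bound parameters, would close that gap. The `find` guard and the final `"%s" %value` are both redundant, since `return value.replace("'", "''")` gives the same result. A docstring should note that the function returns the literal body without the surrounding quotes.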