RE: [Zope] dtml-sqlvar quote

2000-10-20 Thread Farrell, Troy
y, October 20, 2000 3:22 AM To: [EMAIL PROTECTED] Subject: Re: [Zope] dtml-sqlvar quote Hi all thanks for the help. Just on that. Is it safe to do select * from data where like '% as search_term could contain '; drop table blah; ' or whatever. I thought by using you c

Re: [Zope] dtml-sqlvar quote

2000-10-20 Thread Mark Twiddy
Hi all thanks for the help. Just on that. Is it safe to do select * from data where like '% as search_term could contain '; drop table blah; ' or whatever. I thought by using you could use untrusted values. Thanks again Mark On Fri, 20 Oct 2000, Tony McDonald wrote: > > > >Hi all > >

Re: [Zope] dtml-sqlvar quote

2000-10-20 Thread Tony McDonald
> >Hi all > >How can I pass a string to a sql method that won't be quoted. > >i.e. so I can do something like this > >. >group by foo,blah >order by > > >thanks mark > don't quote it? ... order by I use this all the time for things like select * from data where like '%%' tone ___

Re: [Zope] dtml-sqlvar quote

2000-10-19 Thread Curtis Maloney
On Fri, 20 Oct 2000, Mark Twiddy wrote: > Hi all > > How can I pass a string to a sql method that won't be quoted. > > i.e. so I can do something like this > > . > group by foo,blah > order by > don't use sqlvar... just put: order by works for me. (o8 > > thanks mark > Have a better one

[Zope] dtml-sqlvar quote

2000-10-19 Thread Mark Twiddy
Hi all How can I pass a string to a sql method that won't be quoted. i.e. so I can do something like this . group by foo,blah order by thanks mark ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cr