Thanks for the suggestion below, it is definitely the way to handle queries
and I should have been doing it from the start. However, that didn't fix my
error. I found the solution in the TurboGears book (you'd think I would
have looked there first). Anyway, that select command now looks like this
and works great:
    plants = Plant.select(Plant.q.name.startswith(searchText.encode('utf8')),
                          orderBy='plantNumber')
-Jim
-----Original Message-----
Date: Mon, 01 Jan 2007 11:53:01 +0100
From: "Diez B. Roggisch" <[EMAIL PROTECTED]>
Subject: [TurboGears] Re: Passing parameter to SQLObject
Jim Steil wrote:

Hi:

I'm trying to pass a parameter to my SQLObject object to subset the
select list. I'm getting the following error:

TypeError: decoding Unicode is not supported

Here is my controller code. It works fine unless something is passed in
the searchText argument. Do I need to do something to the string that is
passed in before I give it to SQLObject?

    @tg.expose(template='motion.templates.administration.plants')
    def plants(self, *args, **kw):
        import time
        try:
            searchText = kw['searchText']
        except KeyError:
            searchText = ''
        if searchText:
            plants = Plant.select('name = \'%s\'' % (searchText),
                                  orderBy='plantNumber')
        else:
            plants = Plant.select(orderBy='plantNumber')
        tmplDict = {'plants':plants, 'searchText':searchText}
        return dict(now=time.ctime(), menuLinks=self.menuLinks,
                    tmplDict=tmplDict, plantListWidget=plantListWidget)

This works Ok in the tg-admin shell, but I'm guessing that something is
happening to the string that is passed into the function that is causing
this.

Several remarks here:

Python has several ways of declaring literal strings. Single, double and
tripled quotes. So there is no need to escape quotes like this:

    '\''

Just use double quotes.

Then building queries the way you do makes you vulnerable to SQL
injection attacks. Don't do it. Do it - if it is plain DB-API - with
parameters, like this:

    cursor.execute("select foo from bar where baz = ?", (someValueForBaz,))

However, as we deal with SO here, don't go with sql, go with the query
builder, like this:

    Plant.select(Plant.q.name == searchText)

Diez
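
The difference between the string-built query in the original controller and a bound parameter, as an added example that is not part of either message and is not TurboGears or SQLObject code. It assumes the standard-library sqlite3 module and a constructed plant table as a stand-in for the Plant model, and goes slightly beyond the thread by also showing a prefix search (the startswith case) with LIKE wildcards escaped.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions that
    # mirror the Plant model discussed in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE plant (plantNumber INTEGER, name TEXT)")
    db.executemany("INSERT INTO plant VALUES (?, ?)",
                   [(1, "Austin"), (2, "Boston"),
                    (3, "O'Fallon"), (4, "100%_Test")])
    return db

def find_unsafe(db, search_text):
    # Same pattern as the original controller: user text is pasted into the SQL.
    sql = ("SELECT name FROM plant WHERE name = '%s' ORDER BY plantNumber"
           % search_text)
    return [row[0] for row in db.execute(sql)]

def find_exact(db, search_text):
    # Bound parameter: the value travels separately from the SQL text.
    sql = "SELECT name FROM plant WHERE name = ? ORDER BY plantNumber"
    return [row[0] for row in db.execute(sql, (search_text,))]

def find_prefix(db, search_text):
    # Prefix match. LIKE wildcards in the user's text are escaped so they
    # match literally instead of widening the search.
    escaped = (search_text.replace("\\", "\\\\")
                          .replace("%", "\\%")
                          .replace("_", "\\_"))
    sql = ("SELECT name FROM plant WHERE name LIKE ? ESCAPE '\\' "
           "ORDER BY plantNumber")
    return [row[0] for row in db.execute(sql, (escaped + "%",))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"              # constructed input containing a quote
    print(find_unsafe(db, crafted))       # quote ends the literal: every row
    print(find_exact(db, crafted))        # treated as a plain value: no rows
    try:
        find_unsafe(db, "O'Fallon")       # a legitimate name breaks the query
    except sqlite3.OperationalError as exc:
        print("unsafe query failed:", exc)
    print(find_exact(db, "O'Fallon"))
    print(find_prefix(db, "100%"))
    print(find_prefix(db, "%"))
```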