I would add that in appadmin.py there are several examples for using DAL when table and field names are generated at "runtime".
carlo

On 24 May, 08:09, mdipierro <[email protected]> wrote:
> > But I have some questions:
> >
> > 1.- Is it safer to use executesql?
>
> It is less safe because you must validate values yourself to avoid
> SQL-injection vulnerabilities.
>
> > 2.- Advantages and disadvantages of executesql?
>
> No advantage if you have the option not to use it. If you need to
> build a query that cannot be expressed within the DAL, like using a
> function that is very specific to your database backend, then you have
> no choice.
>
> > 3.- Is executesql faster?
>
> The difference with the DAL is negligible.
>
> > 4.- Will I have trouble if I use executesql?
>
> A lot of extra work to avoid injections, and your code will not be
> portable across databases.
>
> > 5.- Do you know another method to make dynamic queries?
>
> You should use the DAL
>
> db.mytable.insert(myfield='myvalue')
> db(db.mytable.myfield=='myvalue').select(orderby=db.mytable.myvalue)
> etc.
>
> Massimo
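The "validate values yourself" work mentioned in the quoted reply, as an added example that is not part of the thread and is not web2py code. It uses Python's standard sqlite3 module as a stand-in for raw SQL of the kind passed to executesql; the table and field names come from the quoted DAL snippet, and the helper names (`quote_ident`, `unsafe_select`, `safe_select`, `make_demo_db`) are hypothetical.

```python
import sqlite3

def quote_ident(name):
    # SQL-standard identifier quoting: wrap in double quotes, double any inside.
    return '"' + name.replace('"', '""') + '"'

def unsafe_select(conn, value):
    # Value pasted into the SQL text: the caller's string becomes SQL syntax.
    sql = "SELECT myfield FROM mytable WHERE myfield = '%s'" % value
    return conn.execute(sql).fetchall()

def safe_select(conn, table, field, value):
    # Identifiers cannot be bound as parameters, so accept only names the
    # database itself reports (an allowlist built from the schema).
    tables = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if table not in tables:
        raise ValueError("unknown table: %r" % (table,))
    columns = {r[1] for r in conn.execute(
        "PRAGMA table_info(%s)" % quote_ident(table))}
    if field not in columns:
        raise ValueError("unknown field: %r" % (field,))
    sql = "SELECT %s FROM %s WHERE %s = ? ORDER BY %s" % (
        quote_ident(field), quote_ident(table),
        quote_ident(field), quote_ident(field))
    # The value travels separately from the SQL text as a bound parameter.
    return conn.execute(sql, (value,)).fetchall()

def make_demo_db():
    # Constructed sample data, held in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (myfield TEXT)")
    conn.executemany("INSERT INTO mytable VALUES (?)",
                     [("myvalue",), ("other",)])
    return conn

if __name__ == "__main__":
    db = make_demo_db()
    crafted = "nothing' OR '1'='1"  # constructed input containing a quote
    print(unsafe_select(db, crafted))                       # every row comes back
    print(safe_select(db, "mytable", "myfield", crafted))   # no row matches
    print(safe_select(db, "mytable", "myfield", "myvalue"))
```

The DAL does the equivalent of `safe_select` for you, which is why the reply recommends it whenever the query can be expressed there.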

