Yes. Basically db.tablename is the same as db['tablename']
and db.tablename.fieldname is the same as db['tablename']['fieldname'] and db.tablename['fieldname']

On May 24, 9:09 am, carlo <[email protected]> wrote:
> I would add that in appadmin.py there are several examples for using
> DAL when table and field names are generated at "runtime".
>
> carlo
>
> On 24 May, 08:09, mdipierro <[email protected]> wrote:
>
> > > But I have some questions:
>
> > > 1.- Is it safer to use executesql?
>
> > It is less safe because you must validate values yourself to avoid
> > SQL-injection vulnerabilities.
>
> > > 2.- Advantages and disadvantages of executesql?
>
> > No advantage if you have the option not to use it. If you need to
> > build a query that cannot be expressed within the DAL, like using a
> > function that is very specific to your database backend, then you have
> > no choice.
>
> > > 3.- Is executesql faster?
>
> > The difference with the DAL is negligible.
>
> > > 4.- Will I have trouble if I use executesql?
>
> > A lot of extra work to avoid injections and your code will not be
> > portable across databases.
>
> > > 5.- Do you know another method to make dynamic queries?
>
> > You should use the DAL
>
> > db.mytable.insert(myfield='myvalue')
> > db(db.mytable.myfield=='myvalue').select(orderby=db.mytable.myfield)
> > etc.
>
> > Massimo
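
An added example, not code from this thread or from web2py: it uses Python's standard `sqlite3` module instead of the DAL to show the extra work raw SQL needs when table and field names arrive at runtime. The `person` table, the `SCHEMA` allowlist and the helper names are constructed for illustration.

```python
import sqlite3

# Constructed schema. The allowlist plays the role of the DAL lookup
# db['tablename']['fieldname'], which fails for names that do not exist.
SCHEMA = {"person": {"id", "name", "email"}}


def make_db():
    """Build an in-memory database with two constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO person (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def select_unsafe(conn, table, field, value):
    """Raw SQL built by string formatting: the value becomes SQL text."""
    sql = "SELECT name FROM %s WHERE %s = '%s'" % (table, field, value)
    return [row[0] for row in conn.execute(sql)]


def select_safe(conn, table, field, value, orderby=None):
    """Runtime table and field names checked against the schema, value bound."""
    orderby = orderby or field
    # Identifiers cannot be passed as bound parameters, so each one must
    # match a known name exactly before it is placed in the statement.
    if table not in SCHEMA:
        raise KeyError("unknown table: %r" % (table,))
    for name in (field, orderby):
        if name not in SCHEMA[table]:
            raise KeyError("unknown field: %r" % (name,))
    sql = 'SELECT name FROM "%s" WHERE "%s" = ? ORDER BY "%s"' % (
        table, field, orderby)
    # The value travels separately from the SQL text and is never parsed as SQL.
    return [row[0] for row in conn.execute(sql, (value,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print(select_unsafe(db, "person", "name", crafted))  # filter is bypassed
    print(select_safe(db, "person", "name", crafted))    # treated as a literal
```
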

