[EMAIL PROTECTED] wrote:
One remark on ZPT: I quickly scanned docs and I read that ZPT can only be
used for generation of well-formed HTML docs. We use DocumentTemplates also
as 'SQL query templates' (we give the '.dsql' extension) - so ZPT couldn't
fully replace DocumentTemplates as we currently use them.

That is quite true. Z SQL methods (in Zope) are the one place I still use DTML. I used to use it for emails as well (at least in Zope -- I'd just use string substitution in Webware), but I've started using ZPT for this, and then converting the minimal HTML (p and br tags) to strings after the template is rendered.


In Webware I use SQLObject (sqlobject.org) for database access, which makes most SQL generation unnecessary, and has a query building syntax for many SQL generation needs, and allows raw SQL for the most complex queries. Some applications that are more relational (i.e., more tables, more complex queries) may find SQLObject to be too difficult to adapt to the database. MiddleKit has a similar scope.

Note that especially Java developers seem to love smelling code a la

sql += "WHERE userName='" + userName + "';";

really this stinks, where the Python variant

Yes, that's bad.

"""
WHERE userName='%s';
"""
% (userName)

merely smells, but

More than smells, it is also insecure. When using the raw DB API, you should do:


cursor.execute("... WHERE userName = %s", (userName,))

Note the lack of '. The database driver will do the proper quoting for you, and protect against SQL injection. Lots of people aren't aware of this functionality, so I thought it should be noted for the benefit of anyone listening who is accessing databases this way.

--
Ian Bicking  /  [EMAIL PROTECTED]  /  http://blog.ianbicking.org
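As an added illustration of the point about DB-API parameter binding (this is not code from Ian's mail or from Webware), the two lookups below run the "merely smells" string-formatting variant and the parameterized variant side by side against an in-memory sqlite3 database. sqlite3's paramstyle is 'qmark' (?) rather than the 'format' (%s) style of psycopg/MySQLdb, so a small helper picks the marker from the module's paramstyle attribute; the sample users and all function names are constructed for the example.

```python
import sqlite3

# Constructed sample rows; the second user name contains a single quote.
SAMPLE_USERS = [("alice", "alice@example.org"), ("O'Brien", "ob@example.org")]


def placeholder(module):
    """Return the parameter marker for a DB-API module.

    sqlite3 reports 'qmark' (?); psycopg2 and MySQLdb report 'format' (%s).
    """
    return {"qmark": "?", "format": "%s", "pyformat": "%s"}[module.paramstyle]


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userName TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_formatted(conn, user_name):
    """The 'merely smells' variant: the value is spliced into the SQL text,
    so a quote inside user_name changes the structure of the statement."""
    sql = "SELECT email FROM users WHERE userName='%s';" % (user_name,)
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, user_name):
    """DB-API binding: no quotes around the marker, the driver receives the
    value separately, so the value can never become part of the SQL."""
    sql = "SELECT email FROM users WHERE userName = %s" % placeholder(sqlite3)
    return [row[0] for row in conn.execute(sql, (user_name,))]


def compare(user_name):
    """Run both variants; report the driver error the formatted one raises."""
    conn = open_db()
    try:
        formatted = lookup_formatted(conn, user_name)
    except sqlite3.Error as exc:
        formatted = "error: %s" % exc.__class__.__name__
    return formatted, lookup_parameterized(conn, user_name)
```

For "alice" both variants agree; for "O'Brien" the formatted query is no longer valid SQL (sqlite3 raises OperationalError) while the bound parameter finds the row, which is exactly the quoting the driver does for you.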

