Chris Withers wrote:
> Casey Duncan wrote:
> >
> > sql_quote. So the output SQL of the two respective examples you gave
> > would be:
> >
> > SELECT * from x WHERE y='value'
> >
> > SELECT * from x WHERE y=value
> Okay, so <dtml-var sec sql_quote> is broken? ;-)
> cheers,
> Chris

No, that behavior is intentional. dtml-var has no way of knowing the
intended type of the value like sql-var does, so it makes no
assumptions. What I think is confusing you is the name 'sql_quote'. This
refers to escaping SQL significant characters (like ' or ;) not putting
quotes around the output. It is analagous to the html_quote and
url_quote options.

Because of this, dtml-var can be used places that sql-var cannot. For
instance you could use it to affect different parts of the SQL other
than just the WHERE clause, such as the ORDER BY clause for example.
| Casey Duncan
| Kaivo, Inc.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to