> Oliver Bleutgen writes:
>  > Shouldn't tags for creating sql-statements in ZSQL
>  > (like dtml-sqltest) quote the variables by default in order
>  > to prevent unexpected conversions by the database?
> Did you check, that standard SQL supports quoted
> names?

First, I meant double quotes (") not single one's ('),
in case that wasn't clear.

I know that for mysql, postgres, oracle there are column names
which will surely break dtml-sqltest as it is implemented now.
Either lowercase letters (oracle, as you also noted) or uppercase
(the other two). I guess sql-keywords and special characters as
column names - ok, not a very clever idea - will break sqltest
on all of them. At least I didn't find a way to get it to 
work without patching zope.

Searching the web I find various hints that many odbc,jdbc adapters
and sql-db frontends use quoted names per default (psql).
Unfortunately I don't want to pay to the ANSI-commitee for reading
into the sql-standard, but I'm pretty sure every newer database
supports that.

> Even if it does, the proposed change will probably break
> lots of existing code.

Right, how about adding a argument like, let's say "sql_quote"? ;)
Unfortunatly, I fear I'm have not enough knowledge in zope's 
internals to offer a clean patch.

> I fear, in our projects, the fact that case does not matter
> has been widely used.
> We would have to change hundreds of SQL methods
> after the proposed change.
> For new projects, I would like to have it your way.
> However, this will be difficult to achieve.

I would like to see quoting as a standard, but you have a point.
Maybe sql_quote is the way to go.


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to