> Oliver Bleutgen writes:
> > Shouldn't tags for creating sql-statements in ZSQL
> > (like dtml-sqltest) quote the variables by default in order
> > to prevent unexpected conversions by the database?
> Did you check, that standard SQL supports quoted
First, I meant double quotes (") not single one's ('),
in case that wasn't clear.
I know that for mysql, postgres, oracle there are column names
which will surely break dtml-sqltest as it is implemented now.
Either lowercase letters (oracle, as you also noted) or uppercase
(the other two). I guess sql-keywords and special characters as
column names - ok, not a very clever idea - will break sqltest
on all of them. At least I didn't find a way to get it to
work without patching zope.
Searching the web I find various hints that many odbc,jdbc adapters
and sql-db frontends use quoted names per default (psql).
Unfortunately I don't want to pay to the ANSI-commitee for reading
into the sql-standard, but I'm pretty sure every newer database
> Even if it does, the proposed change will probably break
> lots of existing code.
Right, how about adding a argument like, let's say "sql_quote"? ;)
Unfortunatly, I fear I'm have not enough knowledge in zope's
internals to offer a clean patch.
> I fear, in our projects, the fact that case does not matter
> has been widely used.
> We would have to change hundreds of SQL methods
> after the proposed change.
> For new projects, I would like to have it your way.
> However, this will be difficult to achieve.
I would like to see quoting as a standard, but you have a point.
Maybe sql_quote is the way to go.
Zope maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -