tablename.<dtml-var species sql_quote>
should work.  Be sure that you check that species is valid
before this call.  sql_quote should protect you from SQL injection,
but it is better to be safe.

jim



[EMAIL PROTECTED] wrote on 02/20/2006 05:46:49 PM:

> Hi,
> 
> In a ZSQL Method, I have tablename.<dtml-sqlvar species type="string">
> and I get tablename.'species_value', what I need is
> tablename."species_value".  Any idea how I can get Zope/ZSQL to not
> put in the single quotes (or use double quotes)?
> 
> Thanks,
> Jason.
> 
> --
> ........................................
> .... Jason C. Leach
> .... PGP Key: 0x62DDDF75
> .... Keyserver: gpg.mit.edu
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
> 

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to