[Zope-DB] Safe way to insert variable column names for order by?

Jeff Kowalczyk jtk@yahoo.com
Tue, 12 Nov 2002 11:05:51 -0500


I'm just getting started with ZSQL methods, and I wondered if there was a safe or
recommended way to handle dynamic queries that parameterize their sorting and other
'non-test'. If I use dtml-sqlvar, sort and order will be quoted, which is incorrect SQL.

<params>ShipmentDate=11/06/2002
sort=ShipmentID
order=asc</params>
select ShipmentID, ShipmentDate, LocationAddress
from Shipments
where <dtml-sqltest ShipmentDate op=eq type=string>
and ShipperID = 'MyShipper'
and DeliveredTo is not null
order by <dtml-var sort> <dtml-var order>
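
An added example, not part of the original post: one way to keep the `order by` tokens unquoted yet safe is to map the incoming `sort` and `order` values onto an allowlist before they reach the SQL text, while real values such as `ShipmentDate` stay bound parameters. The function names are hypothetical, and `sqlite3` with constructed rows stands in for the real database so the sketch runs on its own; in Zope the same check could run in a Python Script before the values are handed to the ZSQL method.

```python
import sqlite3

# Columns the query may be sorted on, taken from the select list in the post.
SORTABLE_COLUMNS = {
    "shipmentid": "ShipmentID",
    "shipmentdate": "ShipmentDate",
    "locationaddress": "LocationAddress",
}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def order_by_clause(sort, order="asc"):
    """Return an ORDER BY fragment built only from allowlisted tokens."""
    try:
        column = SORTABLE_COLUMNS[str(sort).strip().lower()]
        direction = DIRECTIONS[str(order).strip().lower()]
    except KeyError:
        raise ValueError("unsupported sort/order: %r %r" % (sort, order))
    # The returned text comes from the tables above, never from the caller.
    return "ORDER BY %s %s" % (column, direction)


def list_shipments(conn, shipment_date, sort, order="asc"):
    """Values are bound as parameters; identifiers come from the allowlist."""
    sql = (
        "SELECT ShipmentID, ShipmentDate, LocationAddress FROM Shipments "
        "WHERE ShipmentDate = ? AND ShipperID = 'MyShipper' "
        "AND DeliveredTo IS NOT NULL " + order_by_clause(sort, order)
    )
    return conn.execute(sql, (shipment_date,)).fetchall()


def demo_connection():
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Shipments (ShipmentID INTEGER, ShipmentDate TEXT, "
        "LocationAddress TEXT, ShipperID TEXT, DeliveredTo TEXT)"
    )
    conn.executemany("INSERT INTO Shipments VALUES (?, ?, ?, ?, ?)", [
        (2, "11/06/2002", "12 Elm St", "MyShipper", "A. Smith"),
        (1, "11/06/2002", "9 Oak Ave", "MyShipper", "B. Jones"),
        (3, "11/06/2002", "4 Pine Rd", "MyShipper", None),
    ])
    return conn
```

Anything outside the two lookup tables raises `ValueError` before any SQL is built, so the caller can reject the request or fall back to a default sort.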