[Zope-DB] ZSQL and update, what is the correct way to deal with nulls?

Charlie Clark charlie@begeistert.org
Tue, 06 May 2003 23:04:35 +0200

On 2003-05-06 at 22:35:53 [+0200], David Wilbur wrote:
> ah... heh, sorry, i'm a python n00b... so is what people normally do is 
> when the form submits that they check all variables to see if they are "" 
> before they pass them on to the zsql method and convert them to 'None'?

This has nothing to do with being a n00b (I assume this means novice) but 
is plain good practice. ALWAYS check your data before passing it to the 
database. One good reason is that it is otherwise very easy to manipulate 
such data in ways you'd never dream of assuming that people will actually 
use your form. I know, I've done it enuff myself ;-)

The database should enforce data integriy but it will not prevent user 
error or abuse.

Depending on how you've set a form up, you may well not get a name/value 
pair at all so you can check and inform the user if necessary. I usually 
have a list of required fields against which I check against and then 
decide if I don't have a value. I always do this in a PythonScript because 
it's much easier than DTML. I try to have as little logic as possible in 
ZSQL methods or in ZPTs which hold the forms.


reqs = ['name', 'surname', 'age']
t = {'name':'', 'surname', 'age':0] # initialise a dictionary to 
									# pass to a ZSQL method

for req in reqs:
	if req not in request.form.keys():
		print "something is missing"

# this is where you might do value checking	

# this is nice way of safely filling your dictionary
for item, value in request.form.items():
	t[item] = value

insert_method(t) # pass the checked values to the database

Hope that makes sense. This is untried code as I'm currently trying to 
salvage my Data.fs (don't asked I did something wrong with "dd" :-( )