[Zope-DB] Dynamically generate sql-query in ZSQL Method

Peter Sabaini peter at sabaini.at
Tue Apr 6 19:35:49 EDT 2004

Ian Bicking wrote:
> On Apr 6, 2004, at 3:23 PM, Jim Penny wrote:
>> Ian has told you how to do it.  Now, I will tell you, don't do it.
> I would disagree with you -- not for some principled reason, but for a 
> very practical reason: Z SQL Methods suck.  A lot.  A huge, huge 
> amount.  They are horrible.  Generating your own SQL inline sucks.  A 
> lot.  It is horrible.  *Sometimes* the inline method is less horrible.  
> These are the unfortunate choices foisted upon us by the environment.
> (Actually, it's Z SQL plus the ZMI plus DTML that is the real poison, 
> IMHO -- they all work together to make things extra unpleasant)

Out of curiosity -- what is so horrible about ZSQL Methods? I use them 
quite extensively (though mostly to talk to stored procedures) and may 
have some nits but dont find them _that_ horrible...

> Note also that well designed SQL generation in Python isn't horrible.  A 
> Python script like:
> ## select_all
> ## parameters: table_name
> # re isn't available in the default Zope installation; I'd actually usually
> # do this with an extension method...
> import re
> assert re.search(r'^[a-zA-Z_][a-zA-Z0-9_]*$', table_name), "Invalid 
> table name: %s" % table_name
> return container.raw_sql(sql='SELECT * FROM %s' % table_name)
> That isn't so bad.  In fact, I would assert it is much better than the Z 
> SQL analog.

Personally, I'd rather encapsulate this in a stored procedure, or, if 
this isn't possible, in a Python class if I really _had_ to dynamically 
determine a table name.

  - peter.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3216 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.zope.org/pipermail/zope-db/attachments/20040407/eeac11eb/smime.bin

More information about the Zope-DB mailing list