[Zope-DB] Properly quoting string in ZSQLMethod for Postgresql (psycopg2)

Dieter Maurer dieter at handshake.de
Wed Aug 9 13:40:46 EDT 2006


Maciej Zięba wrote at 2006-8-9 12:53 +0200:
>I need to insert a python string into Postgresql's text field. I'm using
>a ZSQLMethod with ZPsycopgDA and the template looks like this:
>
>
>'INSERT INTO records (zope_id, title, long_description)
>VALUES (<dtml-sqlvar zope_id type="string">,
><dtml-sqlvar title type="string">,
><dtml-sqlvar long_description type="string">)'
>
>
>long_description is the text field.
>
>With most of my data it works fine, but there are some "long
>descriptions" that are really complicated with lots of quotes (both
>singular ', as well as double ") and what's worse - they have SQL syntax
>inside!

If you call your "ZSQLMethod" with a parameter "src__=1", then
it will return the generated SQL.

Look at it and check whether the string was properly SQL quoted.
If not, file a bug report.



-- 
Dieter
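
One way to carry out the check suggested above on the SQL text returned with `src__=1`, as an added example that is not part of the original message or of Zope: it decodes every string literal in the rendered statement and compares the result with the values that were passed in. The function names and the sample statements are constructed for illustration, and the scanner assumes standard SQL quoting (a quote inside a literal is written as `''`, backslash is not an escape character).

```python
# Added example: check that values survived SQL quoting in a rendered statement.
# Assumption: standard SQL literals, '...' with an embedded quote written as ''.

def sql_literals(sql):
    """Return the decoded string literals found in sql, in order.

    Raises ValueError if a literal is opened but never closed.
    """
    out, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            i += 1
            continue
        i += 1                                   # skip the opening quote
        buf = []
        while True:
            if i >= n:
                raise ValueError("unterminated string literal")
            if sql[i] == "'":
                if i + 1 < n and sql[i + 1] == "'":
                    buf.append("'")              # '' decodes to one quote
                    i += 2
                    continue
                i += 1                           # closing quote
                break
            buf.append(sql[i])
            i += 1
        out.append("".join(buf))
    return out


def properly_quoted(rendered_sql, expected_values):
    """True if the literals in rendered_sql are exactly expected_values."""
    try:
        return sql_literals(rendered_sql) == list(expected_values)
    except ValueError:
        return False


# Constructed sample data: a description with both quote kinds and SQL inside.
DESCRIPTION = 'It\'s a "query": SELECT * FROM t WHERE name = \'x\''
HEAD = ("INSERT INTO records (zope_id, title, long_description)\n"
        "VALUES ('r1', 'A title', '")
GOOD = HEAD + DESCRIPTION.replace("'", "''") + "')"   # quotes doubled
BAD = HEAD + DESCRIPTION + "')"                       # value pasted in raw
```

If `properly_quoted` returns False for the text a ZSQLMethod renders, the literals in the statement no longer match the inputs, which is the situation the reply says to report as a bug.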

