[Zope-DB] Using <dtml-var>s in ZSQL methods?

Charlie Clark charlie at egenix.com
Sat Jun 16 15:54:18 EDT 2007

Am 16.06.2007, 21:19 Uhr, schrieb Ken Winter <ken at sunward.org>:

> p = [9765, 10058, 11333]
> s = ', '.join([str(x) for x in p])
> "
> In either case, s ends up as the string "9765, 10058, 11333".  That's  
> what
> gets passed to the ZSQL method (below), and that's where the trouble  
> seems
> to be.

I find this code a bit convoluted and somewhat dangerous if you are  
passing data from a web form. What's wrong with repeatedly calling a  
delete_person() method that just accepts a single id as a <dtml-sqlvar>?  
This stuff is coming from a web form so it probably won't be a huge list  
so the speed won't matter.

If not, there is no need to explicity convert your parameters in a list  
p = ", ".join(p)
or even
p = str(p)[1:-1]

Have you declared id_list explicitly as an argument for your ZSQL method?  
Keyword arguments will be ignored by ZSQL methods unless they are  
explicitly declared as arguments.

Charlie Clark

Professional Python Services directly from the Source
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/

:::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,MacOSX for free ! ::::

     eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
            Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Zope-DB mailing list