[Zope-DB] Using <dtml-var>s in ZSQL methods?
charlie at egenix.com
Sat Jun 16 15:54:18 EDT 2007
Am 16.06.2007, 21:19 Uhr, schrieb Ken Winter <ken at sunward.org>:
> p = [9765, 10058, 11333]
> s = ', '.join([str(x) for x in p])
> In either case, s ends up as the string "9765, 10058, 11333". That's
> gets passed to the ZSQL method (below), and that's where the trouble
> to be.
I find this code a bit convoluted and somewhat dangerous if you are
passing data from a web form. What's wrong with repeatedly calling a
delete_person() method that just accepts a single id as a <dtml-sqlvar>?
This stuff is coming from a web form so it probably won't be a huge list
so the speed won't matter.
If not, there is no need to explicity convert your parameters in a list
p = ", ".join(p)
p = str(p)[1:-1]
Have you declared id_list explicitly as an argument for your ZSQL method?
Keyword arguments will be ignored by ZSQL methods unless they are
explicitly declared as arguments.
Professional Python Services directly from the Source
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
:::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,MacOSX for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
More information about the Zope-DB