[Zope] variable SQL statements

Antonio Carrasco antoniojezu@hotmail.com
Sun, 9 Sep 2001 21:00:17 +0200 

Yes, the quoting is a security option used with dtml-sqlvar and sql-test.
Try only dtml-var.
CREATE TABLE <dtml-var tablename>......

Regards
Antonio Carrasco
"If you look heedfully Reality, You will be able to see pixels"
----- Original Message -----
From: "ed colmar" <ecolmar@qwest.net>
To: <zope@zope.org>
Sent: Monday, September 10, 2001 9:01 PM
Subject: [Zope] variable SQL statements


> Hey everyone!
>
> I'm working on a strange database project, and I've run into a little
> stumbling block.  Thought I'd bounce this off the group and see if there's
> any workarounds...
>
> my goal:
>
> build a SQL statement that will create a table with a name provided by an
> external method.
>
>
>
> -- my first attempt | this is the contents of a sql method --
>
> CREATE TABLE <dtml-sqlvar tablename type=nb>_<dtml-sqlvar tabletype
type=nb>
> (
> testfield VARCHAR(75)
> )
>
> ------------------------
>
>
>
>
> But when it gets rendered, the variables get quoted. =(
>
> So, I found jPenny's Variable SQl statement how-to, and tried using it
> instead:
>
>
>
>
>
> -- my second attempt | this is the contents of a sql method --
>
> <dtml-var "sqltablecall">
>
> ------------------------
>
> -- this is the contents of an external method --
>
>     mastertablename = "somename_standardtable"
>     sqltablecall = "CREATE TABLE " + mastertablename + " ( testfield
> VARCHAR(75) )"
>     self.SQL_create_master_table(sqltablecall=sqltablecall)
>
> ------------------------
>
> This returns a "bad request" error...  Apparently the variable cannot be
> passed directly like this..??
>
>
>
> My questions:   Is there a way to disable quoting in SQLvars?  OR, how do
I
> go about adding the sqltablecall variable into the request (which I'm
> assuming is where it's looking).
>
> Thanks for any ideas!
>
> -ed-
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>