Hi,<br><br>Have you tried Rakun Project for this problem. It supports MySQL, PostgreSQL and SQLite for now. But it can handle all kind of SQL databases.<br><br>Please take a look at its web site:<br><br><a href="http://www.rakun.org/">
http://www.rakun.org/</a><br><br>For all kind of questions about it, you can contact me<br><br><br>>Content-Type: text/plain; charset="US-ASCII"<br>><br>>Great idea. Not to be recommended in general.<br>
><br>>This works because every field is textual, and you are<br>>sql-quoting by using type=string.<br>><br>>Here are the problems:<br>>1) if someone reads this and does not use the type=string<br>>tag, or equivalent, they will be wide open to sql injection.
<br>>2) OR, they can pass a list of type with each variable.<br>>3) If you have to handle casts, then you will have to pass<br>>a list of cast-types, as well.<br>><br>>So, you have essentially moved the problem from making at
<br>>least one insertion call per table to a single insertion method<br>>that requires the creation of two, three, or four lists. This does<br>>not self-evidently require less work.<br>><br>>You can no longer inspect the method to see if it is correct.
<br>>You have to look to each call-point to determine what is actually<br>>being used. Just as bad, your application goes happily on its way if you<br>>are missing (non-key) variables.<br>><br>>Keep zsql methods a simple as possible. Use as few tricks as
<br>>possible. Your goal is self-evident correctness, not the minimization<br>>of typing.<br><br>>jim penny<br><br><br><a href="mailto:zope-bounces@zope.org">zope-bounces@zope.org</a> wrote on 04/13/2006 02:23:22 PM:
<br><br>> Whenever I'm using SQL databases in zope, I always seem to have to make<br>> a ZSQL instance for inserting into every table in my database, and they<br>> are all nearly the same - they just have a list of all the fields in the
<br>> database in the parameters, then they say:<br>><br>> insert into [table] ([list of fields]) values ([list of <dtml-sqlvar>s])<br>><br>> I'd much rather have a dictionary of fields and values, and just throw
<br>> it at the DB, not having to make those queries for every table. I have<br>> acheived it like so:<br>><br>> mydict = {"field1":"value1" , "field2":"value2" ,...}<br>
> (fields,values)=zip(*myDict.items())<br>> context.genericInsert(table='table name',fields=fields,values<br>=values)<br>><br>> Where generic insert is the following ZSQL method:<br>> insert into "<dtml-var table>"
<br>> (<dtml-in expr="fields">"<dtml-var sequence-item>"<dtml-if<br>> sequence-end><dtml-else>,</dtml-if></dtml-in>)<br>> values (<dtml-in expr="values"><dtml-sqlvar sequence-item
<br>> type=string><dtml-if sequence-end><dtml-else>,</dtml-if></dtml-in>);<br>><br>> with parameters:<br>> * table - table name<br>> * fields - list of fieldnames<br>> * values - list of values in the same order
<br>><br>> What do other people think of this? Is it a really bad idea?<br>><br>> Robert Munro<br>> _______________________________________________<br>> Zope maillist - <a href="mailto:Zope@zope.org">Zope@zope.org
</a><br>> <a href="http://mail.zope.org/mailman/listinfo/zope">http://mail.zope.org/mailman/listinfo/zope</a><br>> ** No cross posts or HTML encoding! **<br>> (Related lists -<br>> <a href="http://mail.zope.org/mailman/listinfo/zope-announce">
http://mail.zope.org/mailman/listinfo/zope-announce</a><br>> <a href="http://mail.zope.org/mailman/listinfo/zope-dev">http://mail.zope.org/mailman/listinfo/zope-dev</a> )<br>><br>