[Zope-DB] Safe way to insert variable column names for order by?

Jeff Kowalczyk jtk@yahoo.com
Tue, 12 Nov 2002 11:05:51 -0500

I'm just getting started with ZSQL methods, and I wondered if there was a safe or
recommended way to handle dynamic queries that parameterize their sorting and other
'non-test'. If I use dtml-sqlvar, sort and order will be quoted, which is incorrect SQL.

select ShipmentID, ShipmentDate, LocationAddress
from Shipments
where <dtml-sqltest ShipmentDate op=eq type=string>
and ShipperID = 'MyShipper'
and DeliveredTo is not null
order by <dtml-var sort> <dtml-var order>