[Zope-DB] Using <dtml-var>s in ZSQL methods?

Charlie Clark charlie at egenix.com
Sat Jun 16 15:54:18 EDT 2007


Am 16.06.2007, 21:19 Uhr, schrieb Ken Winter <ken at sunward.org>:

> p = [9765, 10058, 11333]
> s = ', '.join([str(x) for x in p])
> "
> In either case, s ends up as the string "9765, 10058, 11333".  That's  
> what
> gets passed to the ZSQL method (below), and that's where the trouble  
> seems
> to be.

I find this code a bit convoluted and somewhat dangerous if you are  
passing data from a web form. What's wrong with repeatedly calling a  
delete_person() method that just accepts a single id as a <dtml-sqlvar>?  
This stuff is coming from a web form so it probably won't be a huge list  
so the speed won't matter.

If not, there is no need to explicity convert your parameters in a list  
comprehension:
p = ", ".join(p)
or even
p = str(p)[1:-1]

Have you declared id_list explicitly as an argument for your ZSQL method?  
Keyword arguments will be ignored by ZSQL methods unless they are  
explicitly declared as arguments.

Charlie
-- 
Charlie Clark
eGenix.com

Professional Python Services directly from the Source
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

:::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,MacOSX for free ! ::::

     eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
            Registered at Amtsgericht Duesseldorf: HRB 46611


More information about the Zope-DB mailing list