[Zope] Zope-killer: zSQL method that crashes Zope

Andy Gates andyg@ravenfamily.org
Thu, 20 Jul 2000 22:14:53 +0100


Here's a thing.  Those problems I was having with some sort of Zope-killing 
page have been tracked down to a particular zSQL method.

The zSQL method is duff, in that is should fail - the perils of late-night 
coding on decaf, I fear - but it should fail neatly with a Zope error, not 
crash out the Python interpreter and force some poor schmuck to restart the 
limping Zope process.  I don't know whether this is a peculiarity to my 
setup (NT4SP6, IIS4, Zope2, Access97 database) or a general problem; 
perhaps some of the developer-hatted Zopistas could take a look?

The poison SQL is this:

	select (<dtml-var field>, field2)
	from tablename
	where (field1= <dtml-sqlvar parameter1 type=string>
	       and <dtml-var field> <> '')

Where two parameters are passed to the method, namely "field" and 
"parameter1".  parameter1 is fed in as a dtml-sqlvar and searches against 
the table's field1 column.  field is passed in as a dtml-var and is used to 
define which of the table's other fields is retruned.  field2 is always 
returned.

What makes the SQL duff is the parentheses around the fields in the first 
part of the SELECT.  They're not required and if you remove them to produce 
the zSQL below, it works fine.

	select <dtml-var field>, field2
	from tablename
	where (field1= <dtml-sqlvar parameter1 type=string>
	       and <dtml-var field> <> '

So why does it kill Python?  I'm only vaguely concerned now that I've found 
the fault, because of course the SQL is canned and no developer could get 
their hands on it - but this experience redoubles my acceptance of the 
notion of canned SQL!

	AndyG

"I don't suffer from stress.  I'm just a carrier."