[Zope] Zope Data Access Flaw?

Brian Withun brianw@hilgraeve.com
Tue, 1 May 2001 17:47:40 -0400


I am using 2.1.4 (linux), and have stumbled across this little quirk...


Create a ZSQL Method as follows:

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
SELECT <dtml-var "_.whrandom.randint(1000,9999)"> AS random_value
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D



(Our ZSQL Method is connected to Sybase, but this works on MySQL as well)

Then, simply test the ZSQL Method.

Here's what I get:



Random value
----------------
2754

SQL used:
select 7684 as random_value



2754 is clearly not the same as 7684.


This is quite repeatable, with different random numbers each time.
This works as expected if I replace the whrandom call with a constant,
but I can't imagine how whrandom can be the culprit.

Bri=E1n Withun