[Zope] Zope Data Access Flaw?

Casey Duncan cduncan@kaivo.com
Tue, 01 May 2001 15:52:54 -0600


Brian Withun wrote:
>
> I am using 2.1.4 (linux), and have stumbled across this little quirk...
>
> Create a ZSQL Method as follows:
>
> ================
> SELECT <dtml-var "_.whrandom.randint(1000,9999)"> AS random_value
> ================
>
> (Our ZSQL Method is connected to Sybase, but this works on MySQL as well)
>
> Then, simply test the ZSQL Method.
>=20
> Here's what I get:
>
> Random value
> ----------------
> 2754
>
> SQL used:
> select 7684 as random_value
>
> 2754 is clearly not the same as 7684.
>
> This is quite repeatable, with different random numbers each time.
> This works as expected if I replace the whrandom call with a constant,
> but I can't imagine how whrandom can be the culprit.
>
> Brián Withun

This is happening because Zope replays the method when it displays the
SQL after testing it. So, randint is being called twice. Once to send
the SQL code to the database and once more to display it on the screen.

-- 
| Casey Duncan
| Kaivo, Inc.
| cduncan@kaivo.com
`------------------>
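
The replay described in the reply above, as an added example that is not part of the original message and is not Zope's code: a template with a render-time random value is rendered once for the database and again for display, next to a variant that renders once and shows the exact string it executed. The `{{randint}}` tag syntax, the function names, the `FixedDraws` source and the use of SQLite are assumptions made for illustration; the two preset draws reuse the numbers from the post.

```python
import re
import sqlite3

# Hypothetical stand-in for the ZSQL template in the post: {{randint a b}} is
# evaluated at render time, like <dtml-var "_.whrandom.randint(1000,9999)">.
TEMPLATE = "SELECT {{randint 1000 9999}} AS random_value"
_TAG = re.compile(r"\{\{randint (\d+) (\d+)\}\}")


class FixedDraws:
    """Constructed random source: returns preset values in order, ignoring the bounds."""
    def __init__(self, values):
        self._values = iter(values)

    def randint(self, low, high):
        return next(self._values)


def render(template, rng):
    """Expand every randint tag; each call to render draws fresh values from rng."""
    return _TAG.sub(
        lambda m: str(rng.randint(int(m.group(1)), int(m.group(2)))), template
    )


def run_render_twice(conn, template, rng):
    """Render once for the database, then render again for display (the replay)."""
    executed = render(template, rng)
    value = conn.execute(executed).fetchone()[0]
    displayed = render(template, rng)  # second render draws a different number
    return value, displayed, executed


def run_render_once(conn, template, rng):
    """Render once and display the same string that was sent to the database."""
    executed = render(template, rng)
    value = conn.execute(executed).fetchone()[0]
    return value, executed, executed


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    for fn in (run_render_twice, run_render_once):
        value, displayed, _ = fn(conn, TEMPLATE, FixedDraws([2754, 7684]))
        print(f"{fn.__name__}: result={value} shown={displayed!r}")
```

Any object with a `randint(low, high)` method, such as `random.Random()`, can replace `FixedDraws`; the displayed SQL is only a reliable record of what ran when it is the same string that was executed.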