[Zope] sequence / int handling (DTML)

Dylan Reinhardt zope@dylanreinhardt.com
27 Jun 2003 11:28:21 -0700 

Dieter's right, of course, but that's not the whole story.

You can, in fact, embed suffixes like ":list" to control how variables
are collected by Zope.  Doing so, however, gives clients a greater
degree of control over whether your application functions properly. 
Worse, it encourages taking shortcuts in the one area you should
probably be putting more effort: data validation.

If you use this as Dieter suggests, you're only prepared for one case:
that your data arrives pre-formatted into a list.  If it arrives in any
other form, your app may choke.  Worse yet, it might not choke, but will
function in some unintended way -- iterating over a string instead of a
list, for example. The degree to which this matters will vary.  

IMO, any serious web app should be validating *everything* clients send
before any action is taken on it.  Assuming you're *doing* validation,
the suffix trick is of dubious value... if you're not doing validation,
you probably should be.  Really, that doesn't leave a lot of useful
problem space for the suffix trick to cover.

I'd recommend against building "strong typing" kinds of assumptions into
your applications.  Such expectations are neither very dependable nor do
they have much in common with Python best practices.

That said, *lots* of people use this trick, including many of the
smartest and most experienced among us.  You'll be in good company if
you use this trick... but I you'll have better apps if you don't.

$.02,

Dylan




On Thu, 2003-06-26 at 15:43, Dieter Maurer wrote:
> David Siedband wrote at 2003-6-24 16:33 -0700:
>  > I have a DTML page where users can choose location(s) to link to a 
>  > hypothesis.  So there's an HTML multiple selection field.  I have code 
>  > that calls SQL to insert multiple selections and code that calls the 
>  > SQL insert for a single entry.  My question is how do get Zope to 
>  > differentiate between the two scenarios and use the appropriate code.  
> 
> The easiest way is not to have two scenarios but a single one (a list).
> You can use the ":list" type suffix for your control variable.
> Details in
> 
>   <http://www.dieter.handshake.de/pyprojects/zope/book/chap3.html>
> 
> You can also use "_.same_type" to check the type of your variable.
> Sometimes, this might be necessary. In your special case, it would
> be suboptimal.
> 
> 
> Dieter
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )