On Mar 30, 8:51 am, ctalley <ctal...@caci.com> wrote:
> Is it possible to use a session variable as a parameter in a SQL
> "WHERE" clause? See example below.
>
> #assign value to session variable
> session.mysession = ...
>
> #use session variable in web2py DAL query
> #*this works*
> rows=db(db.table.column==session.mysession).select(...)
This you can do.
> #use session variable in SQL query
> #*this doesn't work* - 'no such column' error
> #is there any way to do this?
> rows=db.executesql('SELECT ...
> FROM ...
> WHERE table.column = session.mysession;')
>
This you can, but the syntax has to be different and you have to do it in
a way that is safe, to prevent SQL injection. It should be:
from gluon.sql import sql_represent as sanitize
# sanitize() renders the session value as an SQL literal for the given field type and database
rows = db.executesql('''SELECT ...
FROM ...
WHERE table.column = %s;''' % sanitize(session.mysession, 'string', 'sqlite'))
> The obvious answer here is to just use what works (the DAL). However,
> I have some very complex queries already written in SQL and would
> rather not have to go to the trouble of morphing them into web2py DAL
> syntax.
>
> Thanks.
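The behaviour discussed in this thread, as an added example that is not part of the original messages or of web2py: Python's standard sqlite3 module stands in for db.executesql, and it shows why the literal name raises 'no such column', what unescaped interpolation does, and two safe forms. The person table, its rows, and all function names are constructed for illustration; escape_string_literal is a simplified stand-in for a quoting helper, not gluon.sql's own code.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the poster's table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (name TEXT, city TEXT)")
    conn.executemany("INSERT INTO person VALUES (?, ?)",
                     [("alice", "Reston"), ("bob", "Austin"), ("o'neil", "Dublin")])
    return conn

def literal_name_in_sql(conn):
    # Failing form from the question: the Python name is only text inside the
    # SQL string, so the database tries to resolve it as a column.
    try:
        conn.execute("SELECT name FROM person WHERE name = session.mysession")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

def interpolated_unescaped(conn, value):
    # Vulnerable form: the value becomes part of the SQL text itself.
    sql = "SELECT name FROM person WHERE name = '%s'" % value
    return [row[0] for row in conn.execute(sql)]

def escape_string_literal(value):
    # Hypothetical helper: quote the value and double embedded single quotes.
    return "'" + value.replace("'", "''") + "'"

def interpolated_escaped(conn, value):
    # Interpolation is still used, but only after the value is escaped.
    sql = "SELECT name FROM person WHERE name = %s" % escape_string_literal(value)
    return [row[0] for row in conn.execute(sql)]

def bound_parameter(conn, value):
    # The driver sends the value separately, so it is never parsed as SQL.
    sql = "SELECT name FROM person WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (value,))]

if __name__ == "__main__":
    db = make_db()
    session_value = "x' OR '1'='1"  # constructed hostile session value
    print(literal_name_in_sql(db))
    print(interpolated_unescaped(db, session_value))
    print(interpolated_escaped(db, session_value))
    print(bound_parameter(db, session_value))
```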