> But I have some questions:
>
> 1.- Is it safer to use executesql?

It is less safe because you must validate values yourself to avoid SQL-injection vulnerabilities.

> 2.- Advantages and disadvantages of executesql?

No advantage if you have the option not to use it. If you need to build a query that cannot be expressed within the DAL, like using a function that is very specific to your database backend, then you have no choice.

> 3.- Is executesql faster?

The difference with the DAL is negligible.

> 4.- Will I have some trouble if I use executesql?

A lot of extra work to avoid injections and your code will not be portable across databases.

> 5.- Do you know another method to make dynamic queries?

You should use the DAL

    db.mytable.insert(myfield='myvalue')
    db(db.mytable.myfield=='myvalue').select(orderby=db.mytable.myvalue)

etc.

Massimo
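
An added example, not part of the original message: it illustrates the "validate values yourself" work that raw SQL requires for a dynamic query with a caller-supplied value and sort column. It uses Python's standard-library sqlite3 as a stand-in for the raw SQL path so it runs without web2py; the table, column and function names are hypothetical and the data is constructed.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
SORTABLE = {"name", "price"}  # allow-list of columns a caller may sort by


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO product VALUES (?, ?)",
        [("apple", 1.5), ("pear", 2.0), ("plum", 0.75)],
    )
    return conn


def find_unsafe(conn, name):
    # Value pasted into the SQL text: the caller's input becomes part of the query.
    sql = "SELECT name FROM product WHERE name = '%s'" % name
    return [r[0] for r in conn.execute(sql)]


def find_safe(conn, name, orderby="name"):
    # Identifiers cannot be bound as parameters, so check them against an allow-list.
    if orderby not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % orderby)
    # The value travels separately from the SQL text as a bound parameter.
    sql = "SELECT name FROM product WHERE name = ? ORDER BY %s" % orderby
    return [r[0] for r in conn.execute(sql, (name,))]


if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input
    print("string-built query:", find_unsafe(conn, hostile))
    print("bound parameter:   ", find_safe(conn, hostile))
```

In web2py the corresponding step for raw SQL is to pass values through the `placeholders` argument of `db.executesql` instead of formatting them into the query string; the DAL calls shown in the message handle this for you.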