I would add that in appadmin.py there are several examples for using DAL when table and field names are generated at "runtime".
carlo

On 24 May, 08:09, mdipierro <mdipie...@cs.depaul.edu> wrote:
> > But I have some questions:
>
> > 1.- Is it safer to use executesql?
>
> It is less safe because you must validate values yourself to avoid
> SQL-injection vulnerabilities.
>
> > 2.- Advantages and disadvantages of executesql?
>
> No advantage if you have the option not to use it. If you need to
> build a query that cannot be expressed within the DAL, like using a
> function that is very specific to your database backend, then you have
> no choice.
>
> > 3.- Is executesql faster?
>
> The difference with the DAL is negligible.
>
> > 4.- Will I have trouble if I use executesql?
>
> A lot of extra work to avoid injections and your code will not be
> portable across databases.
>
> > 5.- Do you know another method to make dynamic queries?
>
> You should use the DAL
>
> db.mytable.insert(myfield='myvalue')
> db(db.mytable.myfield=='myvalue').select(orderby=db.mytable.myvalue)
> etc.
>
> Massimo
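
Added example, not part of the original thread: the extra validation work a raw SQL string needs when table and field names arrive at runtime. It uses Python's standard `sqlite3` module as a stand-in for the driver that a raw query string is handed to; the table, data and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO person VALUES (?, ?)",
                     [("alice", "a1"), ("bob", "b2")])
    return conn

def raw_lookup_unsafe(conn, table, field, value):
    # Hand-built SQL string with no validation: the value becomes SQL syntax.
    sql = "SELECT name FROM %s WHERE %s = '%s'" % (table, field, value)
    return sorted(r[0] for r in conn.execute(sql))

def schema(conn):
    # Real table names mapped to their real column names, read from the database.
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    return {t: [c[1] for c in conn.execute('PRAGMA table_info("%s")' % t)]
            for t in tables}

def raw_lookup_checked(conn, table, field, value):
    # Identifiers cannot be bound as parameters, so they are checked against
    # the schema; the value is bound with a placeholder and stays data.
    known = schema(conn)
    if table not in known or field not in known[table]:
        raise ValueError("unknown table or field: %r.%r" % (table, field))
    sql = 'SELECT name FROM "%s" WHERE "%s" = ?' % (table, field)
    return sorted(r[0] for r in conn.execute(sql, (value,)))

# With the DAL, the same runtime lookup is written as
#   db(db[table][field] == value).select()
# and the identifier lookup and value escaping are done for you.

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"   # constructed test value
    print(raw_lookup_unsafe(conn, "person", "name", crafted))
    print(raw_lookup_checked(conn, "person", "name", crafted))
```
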