--- ZSQLExtend/ZSQLExtend.py	2003/12/03 17:38:43	1.2
+++ ZSQLExtend/ZSQLExtend.py	2003/12/23 17:56:01	1.4
@@ -5,6 +5,7 @@ from Globals import DTMLFile
 import urllib
 import re
 import string
+from pyPgSQL import libpq
 from AccessControl import getSecurityManager
 
 def quoteString(name):
@@ -48,7 +49,7 @@ class ZSQLExtendFolder(Persistent, Impli
         valueList=[]
         for x in addList.keys():
             keyList.append("\""+x+"\"")
-            valueList.append("\'"+addList[x]+"\'")
+            valueList.append(libpq.PgQuoteString(addList[x]))
 
         keyString=string.join(keyList,",")
         valueString=string.join(valueList,",")
@@ -57,7 +58,41 @@ class ZSQLExtendFolder(Persistent, Impli
         self.search(var=queryString)
         return self.REQUEST.RESPONSE.redirect(format)
         
-    def ZSQLChange(self):
+    def ZSQLChange(self,**argv):
+        """Ändern von Einträgen"""
+        #qs=self.REQUEST['QUERY_STRING']
+        # very bad hack
+        qs_temp=[]
+    
+        for a in self.REQUEST.form.keys():
+            qs_temp.append(a+"="+urllib.quote(str(self.REQUEST.form[a])))
+
+        qs=string.join(qs_temp,"&")
+
+    
+        #print "CHANGE QS",self.REQUEST
+        #return self.REQUEST
+        changeList=[]
+        for q in qs.split("&"):
+            name=urllib.unquote(re.sub("r'+'"," ",q.split("=")[0].lower()))
+            value=q.split("=")[1]
+            value=re.sub(r'\+'," ",value)
+	    value=urllib.unquote(value)
+	    if name=="-table":
+                table=urllib.unquote(value)
+            elif name=="-identify":
+                identify=urllib.unquote(value)
+                identify=identify.split("=")[0]+"="+libpq.PgQuoteString(identify.split("=")[1])
+            elif name=="-format":
+                format=urllib.unquote(value)
+            elif (not name[0]=="-") and (not len(value)==0):
+                changeList.append("\""+name+"\"="+libpq.PgQuoteString(urllib.unquote(value)))
+        changeString=string.join(changeList,",")
+        queryString="UPDATE %s SET %s WHERE %s"%(table,changeString,identify)
+        self.search(var=queryString)
+        return self.REQUEST.RESPONSE.redirect(format)
+
+    def ZSQLChange_old(self):
         """Ändern von Einträgen"""
         qs=self.REQUEST['QUERY_STRING']
         #print "CHANGE QS",self.REQUEST
@@ -72,11 +107,11 @@ class ZSQLExtendFolder(Persistent, Impli
                 table=urllib.unquote(value)
             elif name=="-identify":
                 identify=urllib.unquote(value)
-                identify=identify.split("=")[0]+"=\'"+identify.split("=")[1]+"\'"
+                identify=identify.split("=")[0]+"="+libpq.PgQuoteString(identify.split("=")[1])
             elif name=="-format":
                 format=urllib.unquote(value)
             elif (not name[0]=="-") and (not len(value)==0):
-                changeList.append("\""+name+"\"=\'"+urllib.unquote(value)+"\'")
+                changeList.append("\""+name+"\"="+libpq.PgQuoteString(urllib.unquote(value)))
         changeString=string.join(changeList,",")
         queryString="UPDATE %s SET %s WHERE %s"%(table,changeString,identify)
         self.search(var=queryString)