--- ZSQLExtend/ZSQLExtend.py	2003/11/28 15:03:10	1.1
+++ ZSQLExtend/ZSQLExtend.py	2003/12/11 17:22:51	1.3
@@ -5,8 +5,14 @@ from Globals import DTMLFile
 import urllib
 import re
 import string
+from pyPgSQL import libpq
 from AccessControl import getSecurityManager
 
+def quoteString(name):
+    #return re.sub(r'([\(\)\?])',"\\\1",name)
+    #return "Euklid"
+    return name
+
 class ZSQLExtendFolder(Persistent, Implicit, Folder):
     """Folder"""
     meta_type="ZSQLExtendFolder"
@@ -15,7 +21,9 @@ class ZSQLExtendFolder(Persistent, Impli
         """inlinesearch"""
         qs=[]
         
-            
+    
+
+    
         for a in argv.keys():
             qs.append(a+"="+urllib.quote(str(argv[a])))
 
@@ -41,7 +49,7 @@ class ZSQLExtendFolder(Persistent, Impli
         valueList=[]
         for x in addList.keys():
             keyList.append("\""+x+"\"")
-            valueList.append("\'"+addList[x]+"\'")
+            valueList.append(libpq.PgQuoteString(addList[x]))
 
         keyString=string.join(keyList,",")
         valueString=string.join(valueList,",")
@@ -65,11 +73,11 @@ class ZSQLExtendFolder(Persistent, Impli
                 table=urllib.unquote(value)
             elif name=="-identify":
                 identify=urllib.unquote(value)
-                identify=identify.split("=")[0]+"=\'"+identify.split("=")[1]+"\'"
+                identify=identify.split("=")[0]+"="+libpq.PgQuoteString(identify.split("=")[1])
             elif name=="-format":
                 format=urllib.unquote(value)
             elif (not name[0]=="-") and (not len(value)==0):
-                changeList.append("\""+name+"\"=\'"+urllib.unquote(value)+"\'")
+                changeList.append("\""+name+"\"="+libpq.PgQuoteString(urllib.unquote(value)))
         changeString=string.join(changeList,",")
         queryString="UPDATE %s SET %s WHERE %s"%(table,changeString,identify)
         self.search(var=queryString)
@@ -102,16 +110,29 @@ class ZSQLExtendFolder(Persistent, Impli
         whereList=[]
         sort=""
         op="bw"
-
+        opfields={}
+        
         if not select:
             select="*"
-        
+
+        #check for op in the case of inline search
+        if iCT=="_":            
+            for q in qs.split(","):
+                name=re.sub("r'+'"," ",q.split("=")[0].lower())
+                value=urllib.unquote(q.split("=")[1])
+
+                if name[0:3]==iCT+"op":
+                    op=value
+                    field=name[4:]
+                    opfields[field]=op
+
+        #now analyse the querystring
         for q in qs.split(","):
             try:
 
                 name=re.sub("r'+'"," ",q.split("=")[0].lower())
                 value=urllib.unquote(q.split("=")[1])
-
+                value=quoteString(value)
                 if name==iCT+"lop":
                     lop=value
                 elif name==iCT+"table":
@@ -130,8 +151,12 @@ class ZSQLExtendFolder(Persistent, Impli
 
                 elif name==iCT+"op":
                     op=value
+                    
+                
 
                 elif (not name[0]==iCT) and (not len(value)==0):
+                    if opfields.has_key(name):
+                        op=opfields[name]
                     if op=="ct":
                         whereList.append(name+"~\'.*"+value+".*\'")
                     elif op=="gt":
@@ -155,6 +180,7 @@ class ZSQLExtendFolder(Persistent, Impli
         
         query="SELECT %s FROM %s %s %s"%(select,table,where,sort)
 
+        self.REQUEST.SESSION['qs']=opfields
         return self.search(var=query)
     
     def ZSQLSearch(self):