Re: [Zope] Please help with DTML-in (newbie)
thanks you all!! This helped a lot!Tino Wildenhain <[EMAIL PROTECTED]> wrote: J Cameron Cooper schrieb:> Alric Aneron wrote:> >> Hello, I am new to Zope and DTML.>> I am trying to use a python script to call a Z SQL method. The python>> script also has a list that >> over. so my python script:>> -python script>> words = ['one', 'two']>> context.REQUEST.set('wordlist', wordlist)>> rs = context.myzsqlmethod()>> return rs[0,2]>> -z sql script:>> SELECT * FROM table>> WHERE>> >> column1 LIKE ('' OR>> column2 LIKE '') >> sequence-end> AND >> And dont use in ZSQL Methods.In your example, use instead.Even if you hardcode the wordlist, but even more if its comingfrom request somewhere. Yahoo! Photos Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Please help with DTML-in (newbie)
J Cameron Cooper schrieb: > Alric Aneron wrote: > >> Hello, I am new to Zope and DTML. >> I am trying to use a python script to call a Z SQL method. The python >> script also has a list that > over. so my python script: >> -python script >> words = ['one', 'two'] >> context.REQUEST.set('wordlist', wordlist) >> rs = context.myzsqlmethod() >> return rs[0,2] >> -z sql script: >> SELECT * FROM table >> WHERE >> >> column1 LIKE ('' OR >> column2 LIKE '') > sequence-end> AND >> And dont use in ZSQL Methods. In your example, use instead. Even if you hardcode the wordlist, but even more if its coming from request somewhere. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Please help with DTML-in (newbie)
> I am trying to use a python script to call a Z SQL method. The python You need to have defined "words" as parameter for ZSQL Metod. You have tried to call property wordlist which is not exit. Here are your ZSQL with safety (not functional) concern: words:string SELECT * FROM table WHERE ( column1 LIKE '%%' OR column2 LIKE '%%' ) AND And here are some functional tips for you: > -z sql script: > SELECT * FROM table > WHERE > > column1 LIKE ('' OR > column2 LIKE '') end> AND > Nice example for easy SQL injection! ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Please help with DTML-in (newbie)
Alric Aneron wrote: Hello, I am new to Zope and DTML. I am trying to use a python script to call a Z SQL method. The python script also has a list that over. so my python script: -python script words = ['one', 'two'] context.REQUEST.set('wordlist', wordlist) rs = context.myzsqlmethod() return rs[0,2] -z sql script: SELECT * FROM table WHERE column1 LIKE ('' OR column2 LIKE '') sequence-end> AND --- But it doesn't want to, gives me.. *Error Type: NameError* *Error Value: name 'wordlist' is not defined *I tried feeding the variable into the ZSQL arguments list, but i got something like "cannot concatenate a module with a str" Can anyone please help me? Thank you! It complains about 'wordlist' because it is not defined anywhere. Perhaps you mean 'words' in the second line? To pass a param to the ZSQL method, just say:: context.myzsqlmethod(words=words) This will put it in the namespace. --jcc -- "Building Websites with Plone" http://plonebook.packtpub.com/ Enfold Systems, LLC http://www.enfoldsystems.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Please help with DTML-in (newbie)
Hello, I am new to Zope and DTML. I am trying to use a python script to call a Z SQL method. The python script also has a list that -python script words = ['one', 'two'] context.REQUEST.set('wordlist', wordlist) rs = context.myzsqlmethod() return rs[0,2] -z sql script: SELECT * FROM table WHERE column1 LIKE ('' OR column2 LIKE '') AND--- But it doesn't want to, gives me.. Error Type: NameErrorError Value: name 'wordlist' is not defined I tried feeding the variable into the ZSQL arguments list, but i got something like "cannot concatenate a module with a str" Can a nyone please help me? Thank you! Yahoo! Shopping Find Great Deals on Holiday Gifts at Yahoo! Shopping ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )