Re: [Zope] newbie question -- database list/report with sort bycolumn header
Hi, Chris Gray schrieb: > > Here's a fragment from a table that allows sorting by clicking the header > in a dtml method named 'displayTable': > > > > ID > Product > > > > Then feed sort_key into your SQLSelectQuery to use in an ORDER BY clause. > > select * from table order by > You schould never do so. Unquoted variables in SQL-statements are high security risc if they came from REQUEST. As an example someone can send a string which ends a statement and begins a new one, like drop table. Instead reference only an index of a list with the columns to sort. oder by is also a solution. The index ranges from 1 to number of returned values. Regards Tino > You can change the properties of an object in DTML by callling its > manage_changeProperties method, for example: > > > > will changes the value of foo's bar property to 'New Value'. > > There are several ways of getting the effect of assigning variables in > DTML, but it really isn't meant to have a direct way of declaring and > assigning variables. The way you're trying to use an object's properties > will, I believe, cause problems in the case of simultaneous users, because > it will act as a global variable. > > Cheers, > Chris > > On Mon, 4 Dec 2000, John Cappelletti wrote: > > > > > I am listing the results of a database query using dtml-in. I'd like to > > be able to give the user the option to re-sort the list by clicking on a > > column header. ok... I'm starting small with a form and radio buttons to > > allow the user to specify the sort. > > > > I've created what I believe to be a global variable for this page using > > the property screen. The variable is to capture the column name for the > > sort. My simple question is how do I assign a value to this variable > > inside of the dtml method! I'm not finding a description of variable > > assignment in the documentation (yeah, I must be missing the obvious). > > > > Any pointers would be appreciated. (also, know if anyone has > > implemented interactive sort by column header?) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] newbie question -- database list/report with sort bycolumn header
Here's a fragment from a table that allows sorting by clicking the header in a dtml method named 'displayTable': ID Product Then feed sort_key into your SQLSelectQuery to use in an ORDER BY clause. select * from table order by You can change the properties of an object in DTML by callling its manage_changeProperties method, for example: will changes the value of foo's bar property to 'New Value'. There are several ways of getting the effect of assigning variables in DTML, but it really isn't meant to have a direct way of declaring and assigning variables. The way you're trying to use an object's properties will, I believe, cause problems in the case of simultaneous users, because it will act as a global variable. Cheers, Chris On Mon, 4 Dec 2000, John Cappelletti wrote: > > I am listing the results of a database query using dtml-in. I'd like to > be able to give the user the option to re-sort the list by clicking on a > column header. ok... I'm starting small with a form and radio buttons to > allow the user to specify the sort. > > I've created what I believe to be a global variable for this page using > the property screen. The variable is to capture the column name for the > sort. My simple question is how do I assign a value to this variable > inside of the dtml method! I'm not finding a description of variable > assignment in the documentation (yeah, I must be missing the obvious). > > Any pointers would be appreciated. (also, know if anyone has > implemented interactive sort by column header?) > > thanks, > John Cappelletti > AverStar, Inc. > 1593 Spring Hill Road, Suite 700 > Vienna, VA 22182-2249 > Tel: (703) 827-2606 x 4291 (also, 301 443-7509) > Fax: (703) 827-5560 > > > > ___ > Zope maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope-dev ) > ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )