Yes, with a stored procedure the DB does not have to reparse and
prepare a new plan for every query. This can be a major win. Esp.
on Oracle.
Remy Pinsonnault remypinsonna...@gmail.com
Sent by: zope-boun...@zope.org
02/17/2009 06:37 PM
To
zope-db@zope.org, z...@zope.org
cc
Subject
No, ZSQL really predates bind variables. That is, they we
available on a few systems, but were rare. If the Oracle
specialist has a reason for going to external methods, like
his server is seriously loaded, I would pay attention to him.
If he is just following some set of best practices, well,
Zope itself should not be running as root. The external method will run
as
whatever user zope is running as.
If you insist on doing this kind of thing, which is a pretty bad idea,
then
use os.system(...) or one of the popen(...) commands to call another
program
that you have permitted root
[EMAIL PROTECTED] wrote on 06/19/2007 08:20:44 PM:
Hi, thank you for taking the time to read this.
1. I'm trying to learn to write a website using zope, the progress
is good but i need to understand how can i call an zope object (ZPT
or SQL or Script) from a script in this setup:
I also have a broader question: When one is composing dynamic SQL in
Python
scripts, what are the pros and cons of executing them by going directly
to
the database adapter (as suggested above) vs passing it in as the sole
argument of an empty ZSQL method? By empty ZQL method I mean
An alternative is:
select * from students
where surname like '%dtml-var surname sql_quote%'
This is a bit more succinct, but if you use it, be sure not to
forget the sql_quote, or you will be open to sql injection problems.
jim penny
[EMAIL PROTECTED] wrote on 02/16/2007 02:57:37 AM:
On Fri,
[EMAIL PROTECTED] wrote on 01/11/2007 12:07:37 PM:
Hi,
I am writing a thesis about the security of Zope and have these
questions. I am wondering if this is the right place to ask.
Is Zope behind Apache the only solution to provide SSL connection to
Zope?
No, but it is the most common
[EMAIL PROTECTED] wrote on 01/08/2007 01:01:26 PM:
Why (the hell) are you (still) using DTML (as newbie). You are
strongly
encouraged to use ZPT.
My sense is that ZPT solves a problem which for most of us does not
exist. If you wish to have designers work directly on markup in an
HTML
[EMAIL PROTECTED] wrote on 08/10/2006
02:02:28 PM:
Vangelis Mihalopoulos wrote at 2006-8-10 10:58 +0300:
I have a zope app in a folder and have an exUserFolder in there to
authenticate the app's users. The app is working fine and i get
authenticated by the exUserFolder and everything
Suppose I have a variable foo that has value request/name|nothing.
Is it possible from a Python Script to have this evaluated as a TAL
expression?
Alternatives?
Thanks
jim
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
Thanks, the external method appears to work fine. I thought about the
silly Page Template, but forgot the path: modifier exists! But the EM
should be far faster, anyway.
Thanks again.
jim
[EMAIL PROTECTED] wrote on 06/21/2006 04:04:31 PM:
En/na [EMAIL PROTECTED] ha escrit:
Suppose I have
http://mail.zope.org/pipermail/zope-dev/1999-September/001414.html
The only auxiliary structure I ever use is names, i.e.
n2i = {}
res = container.foo_zsql()
nms = res.names()
for i in range(len(nms)):
n2i[nms[i]] = i
Then I can address by name as in
res[i][n2i['column_name']]
jim
Hello,
I think that your problem is in the fact that you have fed them all in
one long string (and may have autocommit on.)
If they were separate ZSQL methods, they would, in my experience,
roll back.
I recommend separating them into separate methods, with one insert
per method.
jim penny
[EMAIL
Great idea. Not to be recommended in general.
This works because every field is textual, and you are
sql-quoting by using type=string.
Here are the problems:
1) if someone reads this and does not use the type=string
tag, or equivalent, they will be wide open to sql injection.
2) OR, they can
OK, sorry about raising an issue that I was not around to comment on.
First, there seems to be a good deal of confusion on what FileSystemSite
or the DirectoryView portions of CMF are. They are simply a way to have
Zope2 programmatic content stored directly on the filesystem, including
dtml,
I don't particularly care one way or the other about ZClasses.
However, I would like to see FileSystemSite made part of the
base distribution.
jim penny
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No
I am perhaps being too lazy here. What is the minimal CMF
stuff to install to get the CMFCore/FS... objcts installed?
[EMAIL PROTECTED] wrote on 03/16/2006 03:05:45 PM:
On Thu, Mar 16, 2006 at 12:59:04PM -0500, Chris Kratz wrote:
Hello Paul,
How does the refresh interval work for
tablename.dtml-var species sql_quote
should work. Be sure that you check that species is valid
before this call. sql_quote should protect you from SQL injection,
but it is better to be safe.
jim
[EMAIL PROTECTED] wrote on 02/20/2006 05:46:49 PM:
Hi,
In a ZSQL Method, I have
On Tue, Jan 23, 2001 at 07:41:45AM +0100, Axel Missbach wrote:
[EMAIL PROTECTED] wrote:
On Sun, Jan 21, 2001 at 11:27:30AM +0100, Axel Missbach wrote:
Hey to all,
having installed the PoPy-Modul-2.01. The ZPoPyDa-1.01-pre2 doesnt find
it.
calling "import PoPy" in the
On Mon, Jan 22, 2001 at 07:55:28PM +0100, Dieter Maurer wrote:
Oliver Vecernik writes:
I'm designing an application gathering data with forms. Navigation
should be done with Prev and Next buttons. As long as I'm not leaving
the form data should be entered, processed and the *same* or
On Mon, Jan 22, 2001 at 12:11:31PM -0800, J B Bell wrote:
Dear comrades in zopeness:
For some time now I have been struggling trying to get Zope to talk to
Postgres. I am now nearly successful and hope that the revolutionary
spirit of fellow zopatistas will carry the day.
Background:
On Wed, Jan 17, 2001 at 04:36:29PM -0800, Andy McKay wrote:
Ive looked through the docs and Im sure I saw once (but cant see it now),
some sort of delimiter between SQL statements allowing me to put multiple
SQL statements in one SQLMethod. Was I imagining that?
--
Andy McKay.
No indeed,
On Thu, Dec 21, 2000 at 11:03:21PM +0100, Milos Prudek wrote:
Regarding the upcoming Zope Book:
There are some examples for UniqueValuesFor method and "_usage" syntax
(it looks that only values "range:min", "range:max" and "range:min:max"
are possible), but these are not mentioned in the
On Mon, Dec 18, 2000 at 09:10:54PM -0500, Ausum wrote:
Hello Andy, thanks for the advice.
It didn't work. Maybe I'm wrong at any point, so please tell me whether
it worked for you.
I'm aware that this problem has been discussed here before, that it
happens because of Python's object
On Fri, Dec 15, 2000 at 04:59:07PM -0800, Jonothan Farr wrote:
What sort of problems were you seeing with LocalFS? Maybe I can fix them.
Thanks,
--jfarr
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 15, 2000 4:22 PM
Subject: [Zope]
This is for Jos:
I ran into the same problem today. I had previously used this method,
and it works better than LocalFS for my purposes. Anyway, be absolutly
sure that your form says:
form method=post action=whatever method="multipart/form-data"
...
/form
Then you should be able to access
On Thu, Dec 14, 2000 at 04:56:15PM +, Hamish Lawson wrote:
I see that the latest version of the O'Reilly Zope book now talks about
Python and Perl *Scripts*, but refers still to DTML and ZSQL *Methods*.
Does this reflect some actual conceptual difference between a Script
and a Method, or
On Mon, Dec 04, 2000 at 03:27:23PM -0500, Evan Simpson wrote:
From: Chris Gray [EMAIL PROTECTED]
I notice that the CVS tree for Zope2 has incorporated
(internal)
PythonScripts and gotten rid of (external) PythonScripts.
This leaves the
old ExternalMethods but without the Bindings tab.
On Wed, Nov 08, 2000 at 05:08:13PM +0100, Oliver Bleutgen wrote:
Hamish Lawson [EMAIL PROTECTED] wrote
Python Zope Method
Perl Zope Method
SQL Zope Method
DTML Zope Method
Rebol Zope Method
Java Zope Method
VB Zope Method
Custom Zope Mthod
etc..
and perhaps let "Zope
On Wed, Nov 08, 2000 at 01:12:12PM -0500, Evan Simpson wrote:
From: Chris Withers [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Now, how about internal/external?
Safe and Flexible are probably more meaningful words there ;-)
ZMethod is growing though ;-)
We've pretty much settled
On Wed, Nov 08, 2000 at 05:48:22PM -0500, Jason Cunliffe wrote:
Evan Simpson [EMAIL PROTECTED] wrote
Safe and Flexible are probably more meaningful words there ;-)
ZMethod is growing though ;-)
We've pretty much settled on restricted/unrestricted here. In honor of
the presidential
On Wed, Nov 08, 2000 at 06:13:54PM -0500, Evan Simpson wrote:
From: Jason Cunliffe [EMAIL PROTECTED]
Good news: 'ZMethod' is nice and 'sounds' good, however one says it.
I agree, but then everyone around here thought that Zopelet was fairly
unobjectionable, even though nobody really
On Mon, Oct 23, 2000 at 03:07:25PM -0700, James Johnson wrote:
Is there a Wiki or some other starting point for this thread. As a
newbie I like safe vs power over anything else. I also understand
that with using anything in a power mode can be risky for a newbie.
It's nice to know that I
On Fri, Oct 20, 2000 at 01:01:59PM +0100, Chris Withers wrote:
This one is probably the most useful of the lot ;-)
From: Michel Pelletier [EMAIL PROTECTED]
Greetings,
Well, Jim, Evan, Brian and I pow-wowed yesterday and came up with an
interesting change. The world 'Method' is too
On Fri, Oct 20, 2000 at 02:18:47PM -0700, Michel Pelletier wrote:
[EMAIL PROTECTED] wrote:
The proposal is not for PythonScript but a "Python Script". We are not
inventing a new language, this is python, we are just coming up with the
name for an object. Don't capitalize it and you'll
On Thu, Sep 28, 2000 at 11:17:03PM -0400, [EMAIL PROTECTED] wrote:
Hi,
I am writing a dtml method that deletes data from a database, and I found
myself unable to do this. It seems that ZSQL is used to insert, update
and query a database. but can not use
"delete from table where
On Fri, Sep 29, 2000 at 06:19:35PM +0300, Erno Kuusela wrote:
Hello,
i'm obviously missing something obvious, but how does one
execute arbitrary sql statements from an external method?
Look at
http://www.zope.org/Members/jpenny/Accessing_a_ZSQL_Method_from_an_External_Method
Now think
Let me ask a more precise question.
Zope is not released under GPL.
Joe repleases a component which can be used with Zope under GPL license.
Zope.org makes it available for download, but in no way incorporates
it into their base system. (I.e., it is available for integration
by an end user).
On Wed, Sep 13, 2000 at 11:29:23PM +0200, Nils Kassube wrote:
I'm only pointing out what I think is a problem with using a
GPL'ed component in a Zope site.
My Zope-specific problem is: If I use a GPL'ed component in a complex
object oriented environment like Zope, does this mean that the
On Thu, Aug 24, 2000 at 10:05:18AM +1000, Curtis Maloney wrote:
On Thu, 24 Aug 2000, [EMAIL PROTECTED] wrote:
I would like to construct a pull down of the users defined in
an acl_users of a particular location.
I am doing this soon, also, so I've put in a little thought on the problem.
I would like to construct a pull down of the users defined in
an acl_users of a particular location.
Say in particular, that /protected/acl_users exists. How do
I find (in dtml or in python), the list of names defined in that
particular acl_users.
To slightly generalize, how would one
On Wed, Aug 09, 2000 at 04:48:07PM +0100, Seb Bacon wrote:
yup, this is how i work too.
how about adding some javascript to the manage_* methods that reload the
related window (if it's open) whenever the source changes, too? a problem
with this might be ending up with a mass of windows
On Thu, Jul 20, 2000 at 11:38:23AM -0400, Chris McDonough wrote:
No, unfortunately, you need to stop and restart the browser.
Well, netscape 4.73 at least identifies http://server:8080 and
http://server.whatever.com:8080 as separate authentication
domains. So, you can use one as your
On Thu, Jul 20, 2000 at 12:27:01PM -0500, Theodore Patrick wrote:
What is the DTML syntax for nested in statements. Here is an example.
EXAMPLE 1: NO VARIABLE PASSING
GOAL: loop 4 times and with each loop run the category_method and print out
the
. For example, I get this traceback:
Traceback (innermost last):
File /home/jpenny/zope/Zope-2.2.0b4-src/lib/python/ZPublisher/Publish.py, line 222,
in publish_module
File /home/jpenny/zope/Zope-2.2.0b4-src/lib/python/ZPublisher/Publish.py, line 187,
in publish
File /home/jpenny/zope/Zope
On Mon, Jul 10, 2000 at 01:42:48PM -0500, Nitesh Dhanjani wrote:
On Mon, 10 Jul 2000, Sebastien Douche wrote:
Le Mon, Jul 10, 2000 at 10:49:27AM -0500, Nitesh Dhanjani à écrit:
# Im trying to access a postres database from within zope. I have
# ZPoPyDA-0.5.tar.gz installed along
On Mon, Jul 10, 2000 at 05:39:27PM -0500, Nitesh Dhanjani wrote:
On Mon, 10 Jul 2000 [EMAIL PROTECTED] wrote:
On Mon, Jul 10, 2000 at 01:42:48PM -0500, Nitesh Dhanjani wrote:
On Mon, 10 Jul 2000, Sebastien Douche wrote:
Le Mon, Jul 10, 2000 at 10:49:27AM -0500,
On Wed, Jul 05, 2000 at 01:31:56PM -0800, [EMAIL PROTECTED] wrote:
I am a new user to Zope and I'm trying to pass data that has been
entered into a form (either through GET or POST) into another
object. This object calls a z sql method to insert the form data into
the database. So far,
On Tue, Jun 27, 2000 at 12:05:56PM +1000, Andrew Kenneth Milton wrote:
+[ Dieter Maurer ]-
| Andrew Kenneth Milton writes:
|
| So...
| dtml-in "bcd_statement(a=a, b=b, c=c)"
| Alternatively, you could place the values from
On Mon, Jun 19, 2000 at 08:50:14AM -0500, Jim Sanford wrote:
For the most part all a ZSQL method does is used some specialized DTML
syntax to contruct a string that is your SQL query. You can create a ZQL
method, say "GenericSQL", that has 1 parameter, let's call it
"SQLStatement", whose sole
50 matches
Mail list logo