Re: [Zope-DB] ZPTs and database accesses

2005-05-25 Thread Chris Withers

Jaroslav Lukesh wrote:
> with discuss about security it is possible to query sql directly from dtml/zpt
> with yourZSQLmethod like this:
>
> sqlquery:string
>
> and corresponding dtml method:
>
> ...

Yes, although you're opening yourself to a world of SQL injection 
vulnerabilities by doing so ;-)


Chris

--
Simplistix - Content Management, Zope & Python Consulting
   - http://www.simplistix.co.uk

___
Zope-DB mailing list
Zope-DB@zope.org
http://mail.zope.org/mailman/listinfo/zope-db


Re: [Zope-DB] ZPTs and database accesses

2005-05-19 Thread Jaroslav Lukesh
On Thursday, 28 April 2005 20:17, Andreas Jung <[EMAIL PROTECTED]> wrote:
> You have not read the book correctly. First statement just said that you
> can't do SQL queries using ZPT. In Zope you specify SQL queries using
> *ZSQL methods* that use DTML as markup language...this is not the same
> as defining SQL inside DTML methods/documents or Page Templates.

with discuss about security it is possible to query sql directly from dtml/zpt 
with yourZSQLmethod like this:


sqlquery:string



and corresponding dtml method:



...


-- 

Jaroslav Lukesh
  ---
  This e-mail can not contain any viruses because I use Linux



RE: [Zope-DB] ZPTs and database accesses

2005-04-28 Thread Charlie Clark

On 2005-04-28 at 20:26:47 [+0200], Ken Winter <[EMAIL PROTECTED]> wrote:
> Andreas -
> 
> Thanks for your answer.  I'm relieved to know that the ZPT-ZSQL combination
> will suffice for database accesses.  As a Zope neophyte, though, I still
> need an example or tutorial showing me how to get data from page to database
> via ZPTs and ZSQL objects.  Can you point me to such a reference?

Yes, the Zope book is the place to look.

You create a ZSQL method with the SQL code.

You then call this method through your ZPT or, better in the case of posting
from page to database, a PythonScript which in turn calls the ZSQL method and
passes the parameters.

Charlie
-- 
Charlie Clark
eGenix.com

Professional Python Services directly from the Source
 >>> Python/Zope Consulting and Support ...http://www.egenix.com/
 >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
 >>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,FreeBSD for free ! 
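
Added example, not part of the original thread: it contrasts the pass-through method from Jaroslav's message (a single `sqlquery:string` argument), which Chris flags for SQL injection, with the fixed-SQL-plus-parameters pattern Charlie describes. Python's `sqlite3` stands in for the Zope database adapter, and the `users` table, function names and form value are hypothetical; in a ZSQL method the corresponding safe insertion is `<dtml-sqlvar name type="string">`.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.org'),
            ('bob',   'bob@example.org');
    """)
    return db

def passthrough_method(db, sqlquery):
    """Models a method whose only argument is 'sqlquery:string' and whose
    body is that string: the caller, not the method, decides what SQL runs."""
    return db.execute(sqlquery).fetchall()

def lookup_template(db, name):
    """Caller in the pass-through style: builds the SQL text from form input."""
    return passthrough_method(
        db, "SELECT email FROM users WHERE name = '%s'" % name)

def select_user_email(db, name):
    """Models a method with fixed SQL and one typed argument: the statement
    text never changes and 'name' reaches the database only as data."""
    return db.execute(
        "SELECT email FROM users WHERE name = ?", (name,)).fetchall()

def insert_user(db, name, email):
    """Page-to-database direction: fixed INSERT, values bound as parameters."""
    with db:
        db.execute(
            "INSERT INTO users (name, email) VALUES (?, ?)", (name, email))

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"           # constructed form value
    print(lookup_template(db, crafted))     # condition rewritten: all rows
    print(select_user_email(db, crafted))   # treated as a literal name
    insert_user(db, "o'brien", "ob@example.org")
    print(select_user_email(db, "o'brien"))  # quote in a name is harmless
```

The pass-through caller also fails on an ordinary name containing a quote, which is often the first visible symptom of this design in logs.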


RE: [Zope-DB] ZPTs and database accesses

2005-04-28 Thread Ken Winter
Andreas -

Thanks for your answer.  I'm relieved to know that the ZPT-ZSQL combination
will suffice for database accesses.  As a Zope neophyte, though, I still
need an example or tutorial showing me how to get data from page to database
via ZPTs and ZSQL objects.  Can you point me to such a reference?

- Thanks, Ken

> -----Original Message-----
> From: Andreas Jung [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 28, 2005 2:17 PM
> To: [EMAIL PROTECTED]; zope-db@zope.org
> Subject: Re: [Zope-DB] ZPTs and database accesses
> 
> 
> 
> --On Thursday, 28 April 2005 14:05 -0400 Ken Winter
> <[EMAIL PROTECTED]> wrote:
> 
> > The Zope Book (version 2.7,
> > http://www.plope.com/Books/2_7Edition/ZPT.stx#1-8) implies that you can't
> > do "SQL queries" from Zope Page Templates.  If this implication is
> > correct, I (for one) have a problem, as I'm trying to do all my work with
> > ZPTs (rather than DTML) in order to use my WYSIWYG HTML editor
> > (DreamWeaver) to design my pages.
> >
> >
> >
> > The RDB chapter in the Zope book
> > (http://www.plope.com/Books/2_7Edition/RelationalDatabases.stx#1-10)
> > shows a ZPT example that works for getting retrieved data from the
> > database through ZSQL objects onto web pages.  But I haven't found an
> > example of a ZPT for an HTML form that can take data from the web page
> > into the database.
> 
> You have not read the book correctly. First statement just said that you
> can't do SQL queries using ZPT. In Zope you specify SQL queries using
> *ZSQL methods* that use DTML as markup language...this is not the same
> as defining SQL inside DTML methods/documents or Page Templates.
> Since ZSQL methods are first-class objects in Zope, you can call them
> of course from DTML method/documents, Python Scripts *and* Zope Pagetemplates
> (as shown in the RDBMS chapter).
> 
> Hope this makes things clearer,
> -aj




Re: [Zope-DB] ZPTs and database accesses

2005-04-28 Thread Andreas Jung

--On Thursday, 28 April 2005 14:05 -0400 Ken Winter
<[EMAIL PROTECTED]> wrote:

> The Zope Book (version 2.7,
> http://www.plope.com/Books/2_7Edition/ZPT.stx#1-8) implies that you can't
> do "SQL queries" from Zope Page Templates.  If this implication is
> correct, I (for one) have a problem, as I'm trying to do all my work with
> ZPTs (rather than DTML) in order to use my WYSIWYG HTML editor
> (DreamWeaver) to design my pages.
>
> The RDB chapter in the Zope book
> (http://www.plope.com/Books/2_7Edition/RelationalDatabases.stx#1-10)
> shows a ZPT example that works for getting retrieved data from the
> database through ZSQL objects onto web pages.  But I haven't found an
> example of a ZPT for an HTML form that can take data from the web page
> into the database.

You have not read the book correctly. First statement just said that you
can't do SQL queries using ZPT. In Zope you specify SQL queries using
*ZSQL methods* that use DTML as markup language...this is not the same
as defining SQL inside DTML methods/documents or Page Templates.
Since ZSQL methods are first-class objects in Zope, you can call them
of course from DTML method/documents, Python Scripts *and* Zope Pagetemplates
(as shown in the RDBMS chapter).

Hope this makes things clearer,
-aj
