subject:"RE\: \[Zope\] Please help with DTML\-in \(newbie\)"

Re: [Zope] Please help with DTML-in (newbie)

2005-12-29 Thread Alric Aneron

thanks you all!! This helped a lot!Tino Wildenhain [EMAIL PROTECTED] wrote: J Cameron Cooper schrieb: Alric Aneron wrote:   Hello, I am new to Zope and DTML. I am trying to use a python script to call a Z SQL method.  The python script also has a list that  over. so my python script: -python script words = ['one', 'two'] context.REQUEST.set('wordlist', wordlist) rs = context.myzsqlmethod() return rs[0,2] -z sql script: SELECT * FROM table WHERE  column1 LIKE ('' OR column2 LIKE '')  sequence-end AND  And dont use  in ZSQL Methods.In your example, use  instead.Even if you hardcode the wordlist, but even more if its comingfrom request somewhere.
		Yahoo! Photos 
Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Please help with DTML-in (newbie)

2005-12-28 Thread J Cameron Cooper


Alric Aneron wrote:

 Hello, I am new to Zope and DTML.
I am trying to use a python script to call a Z SQL method.  The python 
script also has a list that dtml-in inside the ZSQL method interates 
over. so my python script:

-python script
words = ['one', 'two']
context.REQUEST.set('wordlist', wordlist)
rs = context.myzsqlmethod()
return rs[0,2]
-z sql script:
SELECT * FROM table
WHERE
dtml-in words
column1 LIKE ('dtml-var '%'+sequence-item+'%'' OR
column2 LIKE 'dtml-var '%'+sequence-item+'%'') dtml-unless 
sequence-end AND /dtml-unless

/dtml-in
---
But it doesn't want to, gives me..
*Error Type: NameError*
*Error Value: name 'wordlist' is not defined

*I tried feeding the variable into the ZSQL arguments list, but i got 
something like cannot concatenate a module with a str

Can anyone please help me?
Thank you!


It complains about 'wordlist' because it is not defined anywhere. 
Perhaps you mean 'words' in the second line?


To pass a param to the ZSQL method, just say::

   context.myzsqlmethod(words=words)

This will put it in the namespace.

--jcc
--
Building Websites with Plone
http://plonebook.packtpub.com/

Enfold Systems, LLC
http://www.enfoldsystems.com
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

RE: [Zope] Please help with DTML-in (newbie)

2005-12-28 Thread Jaroslav Lukesh

 I am trying to use a python script to call a Z SQL method.  The python

You need to have defined words as parameter for ZSQL Metod. You have tried
to call property wordlist which is not exit.

Here are your ZSQL with safety (not functional) concern:

params
words:string
/params

SELECT * FROM table
WHERE

dtml-in words prefix=wrd

(
column1 LIKE '%dtml-var wrd_item sql_quote%' 
OR
column2 LIKE '%dtml-var wrd_item sql_quote%'
) 
dtml-unless sequence-end AND /dtml-unless 

/dtml-in


And here are some functional tips for you:

dtml-sqltest
dtml-sqlgroup


 -z sql script:
 SELECT * FROM table
 WHERE
 dtml-in words
 column1 LIKE ('dtml-var '%'+sequence-item+'%'' OR
 column2 LIKE 'dtml-var '%'+sequence-item+'%'') dtml-unless sequence-
 end AND /dtml-unless
 /dtml-in

Nice example for easy SQL injection!



___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Please help with DTML-in (newbie)

2005-12-28 Thread Tino Wildenhain

J Cameron Cooper schrieb:
 Alric Aneron wrote:
 
  Hello, I am new to Zope and DTML.
 I am trying to use a python script to call a Z SQL method.  The python
 script also has a list that dtml-in inside the ZSQL method interates
 over. so my python script:
 -python script
 words = ['one', 'two']
 context.REQUEST.set('wordlist', wordlist)
 rs = context.myzsqlmethod()
 return rs[0,2]
 -z sql script:
 SELECT * FROM table
 WHERE
 dtml-in words
 column1 LIKE ('dtml-var '%'+sequence-item+'%'' OR
 column2 LIKE 'dtml-var '%'+sequence-item+'%'') dtml-unless
 sequence-end AND /dtml-unless
 /dtml-in

And dont use dtml-var  in ZSQL Methods.
In your example, use dtml-sqlvar sequence-item type=string instead.
Even if you hardcode the wordlist, but even more if its coming
from request somewhere.
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Please help with DTML-in (newbie)

Re: [Zope] Please help with DTML-in (newbie)

RE: [Zope] Please help with DTML-in (newbie)

Re: [Zope] Please help with DTML-in (newbie)

4 matches

Site Navigation

Mail list logo

Footer information