Re: [Zope] Please help with DTML-in (newbie)
thanks you all!! This helped a lot!Tino Wildenhain [EMAIL PROTECTED] wrote: J Cameron Cooper schrieb: Alric Aneron wrote: Hello, I am new to Zope and DTML. I am trying to use a python script to call a Z SQL method. The python script also has a list that over. so my python script: -python script words = ['one', 'two'] context.REQUEST.set('wordlist', wordlist) rs = context.myzsqlmethod() return rs[0,2] -z sql script: SELECT * FROM table WHERE column1 LIKE ('' OR column2 LIKE '') sequence-end AND And dont use in ZSQL Methods.In your example, use instead.Even if you hardcode the wordlist, but even more if its comingfrom request somewhere. Yahoo! Photos Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Please help with DTML-in (newbie)
Alric Aneron wrote: Hello, I am new to Zope and DTML. I am trying to use a python script to call a Z SQL method. The python script also has a list that dtml-in inside the ZSQL method interates over. so my python script: -python script words = ['one', 'two'] context.REQUEST.set('wordlist', wordlist) rs = context.myzsqlmethod() return rs[0,2] -z sql script: SELECT * FROM table WHERE dtml-in words column1 LIKE ('dtml-var '%'+sequence-item+'%'' OR column2 LIKE 'dtml-var '%'+sequence-item+'%'') dtml-unless sequence-end AND /dtml-unless /dtml-in --- But it doesn't want to, gives me.. *Error Type: NameError* *Error Value: name 'wordlist' is not defined *I tried feeding the variable into the ZSQL arguments list, but i got something like cannot concatenate a module with a str Can anyone please help me? Thank you! It complains about 'wordlist' because it is not defined anywhere. Perhaps you mean 'words' in the second line? To pass a param to the ZSQL method, just say:: context.myzsqlmethod(words=words) This will put it in the namespace. --jcc -- Building Websites with Plone http://plonebook.packtpub.com/ Enfold Systems, LLC http://www.enfoldsystems.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Please help with DTML-in (newbie)
I am trying to use a python script to call a Z SQL method. The python You need to have defined words as parameter for ZSQL Metod. You have tried to call property wordlist which is not exit. Here are your ZSQL with safety (not functional) concern: params words:string /params SELECT * FROM table WHERE dtml-in words prefix=wrd ( column1 LIKE '%dtml-var wrd_item sql_quote%' OR column2 LIKE '%dtml-var wrd_item sql_quote%' ) dtml-unless sequence-end AND /dtml-unless /dtml-in And here are some functional tips for you: dtml-sqltest dtml-sqlgroup -z sql script: SELECT * FROM table WHERE dtml-in words column1 LIKE ('dtml-var '%'+sequence-item+'%'' OR column2 LIKE 'dtml-var '%'+sequence-item+'%'') dtml-unless sequence- end AND /dtml-unless /dtml-in Nice example for easy SQL injection! ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Please help with DTML-in (newbie)
J Cameron Cooper schrieb: Alric Aneron wrote: Hello, I am new to Zope and DTML. I am trying to use a python script to call a Z SQL method. The python script also has a list that dtml-in inside the ZSQL method interates over. so my python script: -python script words = ['one', 'two'] context.REQUEST.set('wordlist', wordlist) rs = context.myzsqlmethod() return rs[0,2] -z sql script: SELECT * FROM table WHERE dtml-in words column1 LIKE ('dtml-var '%'+sequence-item+'%'' OR column2 LIKE 'dtml-var '%'+sequence-item+'%'') dtml-unless sequence-end AND /dtml-unless /dtml-in And dont use dtml-var in ZSQL Methods. In your example, use dtml-sqlvar sequence-item type=string instead. Even if you hardcode the wordlist, but even more if its coming from request somewhere. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )