Please do *NOT* send HTML mails to this list!

Nick McDowell writes:
 > I have a Z SQL method that requires an “id” value which it users to perform
 > a select statement.  I am trying to pass this “id” value via a URL, which
 > calls a DTML method who in turn calls the Z SQL Method.
If I remember right, someone introduced into Zope 2.1.6's Z SQL
methods that acquisition is stronger than explicitly passed
arguments (and arguments from REQUEST, which is your case).
It is said that it was for security reasons.

I think this is a big bug, and I will change it whenever
I see it.

If it is still in Zope 2.2, then you will have only two options:

   1. rename your argument to something that is not
      acquired (as 'id' is).
      In your SQL, you can of course use the column name
      as it is defined by the table - similar to the
      following:

        .... where id = <dtml-sqlvar renamed_id type=string> ....


   2. change the code in "Shared.DC.ZRDB.DA.__call__",
      as I would do.

      I did not yet work enough with Zope 2.2 to get
      hit by the bug (if it is still there).
      Therefore, I do not yet have a patch.



Dieter
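The lookup-order problem described in the message above, as an added model (not Zope's own Shared.DC.ZRDB.DA code): a constructed Folder stands in for the containing object, the argument resolver mimics the reported precedence, and the "renamed_id" workaround and the corrected order are shown side by side.

```python
# Constructed model of how a Z SQL method might resolve a declared argument.
# The reported bug: an attribute acquired from the container (here the folder's
# own 'id') wins over the value passed via REQUEST. Not Zope's real code.

from typing import Any, Dict, Optional


class Folder:
    """Stand-in for a Zope container. Objects inside it 'acquire' its attributes,
    so a method living in it sees the folder's 'id' as if it were its own."""

    def __init__(self, folder_id: str) -> None:
        self.id = folder_id


def resolve_argument(name: str, request: Dict[str, Any], container: Folder,
                     acquisition_first: bool) -> Optional[Any]:
    """Return the value a Z SQL method would bind to argument `name`.

    acquisition_first=True models the Zope 2.1.6 behaviour Dieter describes;
    False models the order a caller expects (REQUEST before acquisition).
    """
    acquired = getattr(container, name, None)
    if acquisition_first and acquired is not None:
        return acquired
    if name in request:
        return request[name]
    return acquired


def quote_string(value: Any) -> str:
    """Quote a value the way a <dtml-sqlvar ... type=string> would: single-quoted,
    with embedded quotes doubled so the value cannot break out of the literal."""
    return "'" + str(value).replace("'", "''") + "'"


def build_query(arg_name: str, request: Dict[str, Any], container: Folder,
                acquisition_first: bool) -> str:
    """Render the SELECT from the message with the resolved argument substituted.
    The column is still 'id'; only the DTML argument name changes."""
    value = resolve_argument(arg_name, request, container, acquisition_first)
    return "select * from people where id = " + quote_string(value)


if __name__ == "__main__":
    members = Folder("Members")                 # constructed container
    req = {"id": "42", "renamed_id": "42"}      # constructed REQUEST form data
    print(build_query("id", req, members, True))          # bug: binds 'Members'
    print(build_query("renamed_id", req, members, True))  # workaround: binds '42'
    print(build_query("id", req, members, False))         # fixed order: binds '42'
```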

_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )