> You have not read the book correctly. First statement just said that you
> can't SQL queries using ZPT. In Zope you specify SQL queries using
> *ZSQL methods* that use DTML as markup language...this is not the same
> as defining SQL inside DTML methods/documents or Page Templates.

with discuss about security it is possible to query sql directly from dtml/zpt 
with yourZSQLmethod like this:

<dtml-var sqlquery>

and corresponding dtml method:

<dtml-call "REQUEST.set('sqlquery','select * from table')">
<dtml-in yourZSQLmethod>


