Jaroslav Lukesh wrote:
with discuss about security it is possible to query sql directly from dtml/zpt
with yourZSQLmethod like this:
<param>
sqlquery:string
</params>
<dtml-var sqlquery>
and corresponding dtml method:
<dtml-call "REQUEST.set('sqlquery','select * from table')">
<dtml-in yourZSQLmethod>
...
</dtml-in>
Yes, although you're opening yourself to a world of SQL injection
vulnerabilities by doing so ;-)
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Zope-DB mailing list
[email protected]
http://mail.zope.org/mailman/listinfo/zope-db
