Jaroslav Lukesh wrote:
with discuss about security it is possible to query sql directly from dtml/zpt with yourZSQLmethod like this:


<param>
sqlquery:string
</params>
<dtml-var sqlquery>

and corresponding dtml method:

<dtml-call "REQUEST.set('sqlquery','select * from table')">
<dtml-in yourZSQLmethod>
...
</dtml-in>

Yes, although you're opening yourself to a world of SQL injection vulnerabilities by doing so ;-)

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

_______________________________________________
Zope-DB mailing list
Zope-DB@zope.org
http://mail.zope.org/mailman/listinfo/zope-db

Reply via email to