On Fri, 2 Jun 2000 [EMAIL PROTECTED] wrote:

> I tried to build a search feature using sql in zope, this is what I normal
> do in sql to do a range search :
> select * from table1 where table1_id = %field1_value%
> But when I try it with zope, it will become
> select * from table1 where table1_id = %'value'%

The quoting is there to protect you (if value contains the SQL delimiter ';'
or whatever it is in Access, bad things can happen and might be a big
hairy security hole).


<dtml-let field1_value="'%' + field1_value + '%'">

    select * from table1 
        <dtml-sqltest field1_value column=table1_id type=nb>


You might need an 'op=like' attribute to the sqltest tag (I don't know Access).

Stuart Bishop                          Work: [EMAIL PROTECTED]
Senior Systems Alchemist               Play: [EMAIL PROTECTED]
Computer Science, RMIT University

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to