Sean G Richards writes:
 > Hello,
 >     I am trying to build an SQL statement in a form, and then pass the
 > statement onto a Z SQL method, for execution.
 > something like
 > < form action="search_results" method="get">
 > <input type="text" name="select_statement" value="SELECT  name,
 > phone_number, address FROM black_book WHERE" size=20>
 > <select  name="where_statement" size=3>
 >    <option value=" name = 'jennifer' ">Jennifer
 >    <option value=" name='anne' " > Anne
 >    <option value=" name='alice' ">Alice
 > </select>
 > <input type="hidden" name="cat_both_previous_statements"
 > value="<dtml-sqlvar select_statement type=string> <dtml-sqlvar
 > where_statement type=string>">
 > <input type="SUBMIT" name="SUBMIT" value="SUBMIT">
 > </form>
 >     I understand that this isn't the correct way to do this, ....

  you let the form fill in the browser but you build
  the SQL in the server, more precisely the "search_result" object.

The form should only contain fields that need be changed by
the user (and texts to help the user to fill the fields).
Thus, usually, your form would not have a field
with a "select statement", unless the user should be able
to change this, e.g. into an "insert" statement or something (DANGER!).

As an simple xample, you may have:
<form action=search>
  Name to Search for: <select name=name size=3>
                         <option value="jennifer">Jennifer
<input type=submit>

On the server side, you would usually use a Z SQL Method
to do the actual search. See the Z SQL Method guide at for examples.
Your method would probably have a parameter "name"
(the same you used for your form field!).

The "search" DTML method could then be:
<dtml-var standard_html_header>
<dtml-in ZSQLMethod>
  <dtml-var name> <dtml-var phone_number> <dtml-var address><br>
<dtml-var standard_html_footer>

Look at other examples in the Z SQL Method guide.


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to