On Fri, Sep 29, 2000 at 06:19:35PM +0300, Erno Kuusela wrote:
> Hello,
> i'm obviously missing something obvious, but how does one
> execute arbitrary sql statements from an external method?

Look at 

Now think about a SQL method with parameter body and template like:
<dtml-var body>

You can now do anything by supplying body as an argument.

Note.  This is a really BAD idea.  By doing this, you will construct
a web accessible method which permits anyone with access rights to
the external method to do anything at all to your database.  Not good.

Even though it is irritating from a programmer's point of view, 
it is much better to define a series of restricted ZSQL methods
that do as little as possible.  This permits far more damage control.

>    -- erno

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )
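
The contrast drawn in the reply above, as an added example that is not part of the original message: a pass-through method next to a small set of restricted methods. It uses Python's sqlite3 rather than Zope's ZSQL machinery, and the table, the method names and the `call_method` helper are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample schema and rows, for illustration only."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT);"
        "INSERT INTO customers VALUES (1, 'alice', 'alice@example.test');"
        "INSERT INTO customers VALUES (2, 'bob', 'bob@example.test');"
    )
    return conn

def passthrough(conn, body):
    """Same shape as a SQL method whose template is only <dtml-var body>:
    the caller supplies the entire statement, so nothing limits it."""
    rows = conn.execute(body).fetchall()
    conn.commit()
    return rows

# Restricted methods (hypothetical names): fixed SQL text, declared argument
# names and types, each doing as little as possible.
METHODS = {
    "customer_by_id": (
        "SELECT name, email FROM customers WHERE id = :id", {"id": int}),
    "rename_customer": (
        "UPDATE customers SET name = :name WHERE id = :id",
        {"id": int, "name": str}),
}

def call_method(conn, method, **args):
    """Run one named method; refuse unknown methods and undeclared,
    missing or mistyped arguments."""
    if method not in METHODS:
        raise PermissionError(f"no such method: {method!r}")
    sql, spec = METHODS[method]
    if set(args) != set(spec):
        raise TypeError(f"{method} takes exactly {sorted(spec)}")
    for key, typ in spec.items():
        if isinstance(args[key], bool) or not isinstance(args[key], typ):
            raise TypeError(f"{key} must be {typ.__name__}")
    # Values are bound as parameters, never spliced into the SQL text.
    rows = conn.execute(sql, args).fetchall()
    conn.commit()
    return rows
```

With the restricted set, the worst a caller can do is whatever the listed methods allow, which is the damage control the reply describes.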