On Fri, Sep 29, 2000 at 06:19:35PM +0300, Erno Kuusela wrote:
> i'm obviously missing something obvious, but how does one
> execute arbitrary sql statements from an external method?
Now think about a SQL method with parameter body and template like:
You can now do anything by supplying body as an argument.
Note. This is really BAD idea. By doing this, you will construct
a web accessible method which permits anyone with access rights to
the external method to do anything at all your database. Not good.
Even though it is irritating from a programmer's point of view,
it is much better to define a series of restricted ZSQL methods
that do as little as possible. This permits far more damage control.
> -- erno
Zope maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -