> Then change your Z SQL Method to look like:

> select * from Customers where
> foofield=<dtml-sqlvar search type=string>
> <dtml-if orderby>
> ORDER BY <dtml-var orderby>
> </dtml-if>

Hmm, I wouldn't do that; you're trusting the client here.
Imagine someone going to

http://yourserver/staff?orderby=firstname%20;%20delete from Customers;

(sufficient dbuser rights assumed)

I would use staff?order_id=1 (2,3,...)
etc. and then set orderby via a dictionary (or some simple
dtml-ifs).

cheers,
oliver
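To make the point concrete, here is an added example (not from the thread or from Zope itself) that rebuilds the quoted Z SQL Method in plain Python over an in-memory sqlite table. The table, its columns (id, firstname, foofield), the ORDER_BY lookup table and the stacked-statement adapter behaviour are all assumptions made for the demonstration; sqlite3's execute() refuses stacked statements, so the unsafe path splits the text on ";" to mimic an adapter that would happily run them.

```python
import sqlite3

# Constructed sample data standing in for the Customers table in the thread.
SAMPLE_ROWS = [(1, "Zed", "x"), (2, "Amy", "x"), (3, "Bob", "y")]

# Assumed server-side mapping for staff?order_id=1 (2,3,...): the client picks
# an integer, the server picks the column. Nothing from the request reaches the SQL text.
ORDER_BY = {1: "id", 2: "firstname", 3: "foofield"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (id INTEGER, firstname TEXT, foofield TEXT)")
    conn.executemany("INSERT INTO Customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def row_count(conn):
    return conn.execute("SELECT count(*) FROM Customers").fetchone()[0]


def sqlvar_string(value):
    # What <dtml-sqlvar ... type=string> does for the search value: wrap it in quotes
    # and double embedded single quotes, so the value cannot break out of the literal.
    return "'" + str(value).replace("'", "''") + "'"


def build_unsafe(search, orderby=None):
    # The quoted method: search goes through sqlvar, orderby through dtml-var,
    # i.e. it is pasted into the SQL text exactly as the client sent it.
    sql = "SELECT * FROM Customers WHERE foofield = " + sqlvar_string(search)
    if orderby:
        sql += " ORDER BY " + orderby
    return sql


def run_unsafe(conn, search, orderby=None):
    # Assumption: the database adapter executes stacked statements one after another.
    # sqlite3.execute() refuses that, so the text is split on ";" to simulate it.
    stmts = [s for s in build_unsafe(search, orderby).split(";") if s.strip()]
    rows = conn.execute(stmts[0]).fetchall()
    for extra in stmts[1:]:
        conn.execute(extra)  # the attacker's smuggled statements run here
    conn.commit()
    return rows


def run_safe(conn, search, order_id=None):
    # Hardened version: search is a bound parameter, and ORDER BY is chosen from a
    # fixed dictionary keyed by a small integer; anything else is rejected outright.
    sql = "SELECT * FROM Customers WHERE foofield = ?"
    if order_id is not None:
        try:
            column = ORDER_BY[int(order_id)]
        except (ValueError, KeyError):
            raise ValueError("unknown order_id %r" % (order_id,))
        sql += " ORDER BY " + column
    return conn.execute(sql, (search,)).fetchall()


if __name__ == "__main__":
    # The URL from the thread, decoded: orderby=firstname ; delete from Customers;
    payload = "firstname ; delete from Customers;"
    conn = make_db()
    print(run_unsafe(conn, "x", payload))     # results still come back...
    print(row_count(conn))                    # ...but the table is now empty
    conn = make_db()
    print(run_safe(conn, "x", 2))             # ordered by firstname
    print(row_count(conn))                    # still 3 rows
```

Note that int(order_id) is the whole of the input validation: the lookup table, not the client, decides what text ends up after ORDER BY, which is the same effect as the chain of dtml-ifs suggested above.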


_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )