[Zope-DB] Hello!

Charlie Clark charlie@begeistert.org
Mon, 21 Jul 2003 18:15:38 +0200

On 2003-07-21 at 17:44:42 [+0200], Philip Kilner wrote:
> res=container.insertBook(request)
> ...seems to be accepted, but inserts nothing.
> > In the second, it would look like
> > 
> > res=container.my_sql_method(foo=foo_value, bar=bar_value)
> > 
> OK, well the 2nd looks like a better bet - more explicit!
> However, I can't save even a ZPT with that syntax -
> res=container.insertBook(ISBN=field_ISBN, Title=field_Title)
> ...gives me: -
> Compilation failed
> TAL.HTMLParser.HTMLParseError: junk characters in start tag: ', 
> Title=field_Title)', at line 10, column 1
> I actually can't se what I am doing wrong.

Nothing really and I hope Jim will forgive me but I didn't find the orignal 
explanation very helpful for someone getting just started.

First of all, do not ever use an UPDATE or an INSERT directly from ZPT or 
DTML or any other form for that matter. It is very bad practice and could 
cause you any kind of problems. Always use a PythonScript to do this for 
you so you can do your error checking gracefully.

What you want to do can't be done anyway and has nothing to do with ZPT.

This is your form:

<form name="insert_book" action="insertBook" method="POST">
<input type="text" name="field_ISBN">
<input type="text" name="field_Title">
<input type="text" name="field_Author">
<input type="text" name="field_BookPrice">

No TALES or METAL required. However, this will fail as insertBook expects a 
Python dictionary and not an http-request - this is also a security 
feature, by the way.

You call an ZSQL-method within Zope like this:
r = context.selectBook()

in ZPT this looks like this <span tal:define="r here/selectBook"></span> 
unless you wish to pass a parameter to the method in which case you have to 
use Python syntax, ie.
<span tal:define="r python: here.selectBook(ISBN=1)"></span>

Now, back to your form. You need something which processes the name/value 
pairs which come from browser and the best thing to do this is a Python 

### request = context.REQUEST
field_Title=request.field_Title, field_Author=request.field_Author, 
return context.thank_you(context, request)

Now, that's the minimalist version which doesn't do any checking and will 
present SQL-errors to the user if something is in correct. It's also a 
little difficult to read.

I generally loop over the REQUEST.form assigning values to a dictionary 
which gets passed to the ZSQL-Method after things have been checked.

book_dict = {}
for item, value in request.form.items():
	book_dict[item] = value

return context.thank_you(context, request)

Hope that helps.