[Zope] Simplest example of INSERT

Evan Simpson evan@hapenney.com
Wed, 02 Jun 1999 16:55:19 -0500


Have you filled in the ZSQLMethod's argument list with col and fla?
Unless a variable name is in the argument list, it is NOT found in
REQUEST or parameters in a call, ONLY in the containing folder.

AFAIK this is a security feature, so that you can parameterize a query
using acquisition and properties of the acquiring object, without
allowing the REQUEST to override parameters unless you explicitly
specify.

For example, you could have ZSQLMethod "base/larch/newstuff" as

    INSERT INTO <!--#var relation--> (ID, <!--#var attribute-->) VALUES
    (<!--#sqlvar new_id type=int-->, <!--#sqlvar new_value type=nb-->)

with "new_id" and "new_value" in the argument list.

Then "base/larch/newstuff" accepts "new_id" and "new_value" as
arguments, and looks up "relation" and "attribute" in "base/larch",
while "base/larch/parrot/newstuff" looks up "relation" and "attribute"
in "base/larch/parrot".  Neither one allows
".../newstuff?relation=forbiddentable..." since "relation" is not in the
argument list.
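
Added example, not part of the original message and not Zope's own code: a simplified Python model of the lookup rule described above, showing that a "relation" value in the request is ignored unless it is in the argument list. The folder properties, the helper names (acquire, lookup, render) and the use of ? placeholders in place of Zope's SQL quoting are assumptions made for illustration.

```python
import re

# Constructed folder tree: path -> properties set on that folder.
FOLDERS = {
    "base/larch": {"relation": "larch_items", "attribute": "colour"},
    "base/larch/parrot": {"relation": "parrot_items"},
}

TEMPLATE = ("INSERT INTO <!--#var relation--> (ID, <!--#var attribute-->) VALUES "
            "(<!--#sqlvar new_id type=int-->, <!--#sqlvar new_value type=nb-->)")
ARGS = ("new_id", "new_value")

def acquire(path, name):
    """Search the calling folder, then each parent, as acquisition does."""
    parts = path.split("/")
    while parts:
        props = FOLDERS.get("/".join(parts), {})
        if name in props:
            return props[name]
        parts.pop()
    raise KeyError(name)

def lookup(name, arg_list, path, request):
    """Names in the argument list come from the request; all others are acquired."""
    if name in arg_list:
        return request[name]
    return acquire(path, name)

def render(template, arg_list, path, request):
    """Return (sql, binds). var is pasted as text; sqlvar becomes a typed bind value."""
    binds = []

    def var(m):
        return str(lookup(m.group(1), arg_list, path, request))

    def sqlvar(m):
        value = lookup(m.group(1), arg_list, path, request)
        if m.group(2) == "int":
            value = int(value)  # rejects non-numeric input
        elif not str(value):
            raise ValueError("%s must be non-blank" % m.group(1))
        binds.append(value)
        return "?"

    sql = re.sub(r"<!--#var (\w+)-->", var, template)
    sql = re.sub(r"<!--#sqlvar (\w+) type=(\w+)-->", sqlvar, sql)
    return sql, binds
```

Calling render with "relation" appended to ARGS makes the request value win, which is the override the argument list is there to prevent.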