[Zope] Newbie Q: Passing REQUEST.form data to a Z SQL Method

Michel Pelletier michel@digicool.com
Mon, 21 Jun 1999 09:27:41 -0400 

> -----Original Message-----
> From: Rafael Alvarado [mailto:alvarado@phoenix.Princeton.EDU]
> Sent: Monday, June 21, 1999 9:00 AM
> To: zope@zope.org
> Subject: Re: [Zope] Newbie Q: Passing REQUEST.form data to a Z SQL
> Method
> 
> 
> Actually--the solution I posted is not satisfactory, since it 
> produces a
> page with the config menus, etc.  I suppose what I want then 
> is to produce
> my own "manage_test" handler.
> 

Nope, I think your missing a little piece of Zen here.  What it sounds
like you want to do is call a ZSQL method and format the data in your
own way.  This does not require you writing 'handlers', this can be done
in straight DTML.

<ul>
<!--#in "mySQLMethod(name = REQUEST.name, salary = salaryfilter)"-->
	<li><!--#var name--> gets paid <!--#salary--></li>
<!--#/in-->
</ul>

ZSQL methods return sequences of results.  The results are rows in the
database which match your SQL query.  Given this, you can impliment an
HTML form which collects data, whose action="" is to call the DTML
method which contains the code above, whose job is to call the ZSQL
method and format the results of the query into an HTML list.


The 'manage_test' method is just a hardwired result form, it's magic is
based exactly on what I've detailed here.

-Michel

> -----Original Message-----
> From: Alexander Staubo <alex@mop.no>
> To: Zope Mailing List (E-mail) <zope@zope.org>
> Date: Sunday, June 20, 1999 10:05 PM
> Subject: RE: [Zope] Newbie Q: Passing REQUEST.form data to a 
> Z SQL Method
> 
> 
> >If I understand your problem correctly, you'd like to pass form
> >variables to the SQL Method? If so, here's one way of doing it:
> >
> >  <!--#call "Test_sql(REQUEST)"-->
> >
> >This will essentially make REQUEST part of the namespace 
> accessible to
> >Test_sql. Note that this would lead to problems if your SQL Method
> >refers to variables that should not be overrideable by 
> REQUEST, such as
> >security-related "where" conditions.
> >
> >To avoid such cases, pass all pertinent variables 
> explicitly, like so:
> >
> >  <!--#call "Test_sql(name = REQUEST.name, salary = salaryfilter)"-->
> >
> >This prevents malicious users from requesting URLs like
> >http://www.foo.com/ViewEmployees?name=myname&salary=40000 
> (assuming you
> >want to block this, of course).
> >
> >Does this answer your question?
> >
> >--
> >Alexander Staubo             http://www.mop.no/~alex/
> >"It has taken the planet Earth 4.5 billion years to discover it is
> >4.5 billion years old." --George Wald
> >
> >>-----Original Message-----
> >>From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
> >>Rafael Alvarado
> >>Sent: 21. juni 1999 04:01
> >>To: zope@zope.org
> >>Subject: [Zope] Newbie Q: Passing REQUEST.form data to a Z 
> SQL Method
> >>
> >>
> >>I have a Z SQL Method that takes an argument.  It was
> >>constructed with the
> >>"Add" --> "Z SQL Method" form.  The method works fine when the
> >>argument is
> >>provided by the automatically built search interface when 
> testing it.
> >>
> >>Now, how do I have the argument value supplied by a DTML page
> >>that passes
> >>the value directly as a REQUEST.form object?
> >>
> >>It seems that this should be a very simply problem, yet I have
> >>search all
> >>available documents for an answer without success.  Thanks to
> >>anyone who can
> >>help
> >>
> >>Rafael C. Alvarado, Coordinator of Humanities and Social
> >>Sciences Computing
> >>McGraw Center for Teaching and Learning, Princeton University
> >>C-15-E Firestone Library, alvarado@princeton.edu
> >>
> >>
> >>_______________________________________________
> >>Zope maillist  -  Zope@zope.org
> >>http://www.zope.org/mailman/listinfo/zope
> >>
> >>(For developer-specific issues, use the companion list,
> >>zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
> >>
> >
> >
> >_______________________________________________
> >Zope maillist  -  Zope@zope.org
> >http://www.zope.org/mailman/listinfo/zope
> >
> >(For developer-specific issues, use the companion list,
> >zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
> >
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://www.zope.org/mailman/listinfo/zope
> 
> (For developer-specific issues, use the companion list,
> zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
>