[Zope] Newbie Q: Passing REQUEST.form data to a Z SQL Method

Rafael Alvarado alvarado@phoenix.Princeton.EDU
Mon, 21 Jun 1999 09:38:56 -0400 

Great -- this is just what I needed!

I suppose the Zope Zen is that I can call Z SQL Methods within appropriate
DTML tags *and* pass arguments to the methods in the tags.  For some reason
this was not clear to me from the docs.  Thanks for the clarification.

BTW, are there any Zope books on the way?


-----Original Message-----
From: Michel Pelletier <michel@digicool.com>
To: 'Rafael Alvarado' <alvarado@phoenix.Princeton.EDU>; zope@zope.org
<zope@zope.org>
Date: Monday, June 21, 1999 9:26 AM
Subject: RE: [Zope] Newbie Q: Passing REQUEST.form data to a Z SQL Method


>
>
>> -----Original Message-----
>> From: Rafael Alvarado [mailto:alvarado@phoenix.Princeton.EDU]
>> Sent: Monday, June 21, 1999 9:00 AM
>> To: zope@zope.org
>> Subject: Re: [Zope] Newbie Q: Passing REQUEST.form data to a Z SQL
>> Method
>>
>>
>> Actually--the solution I posted is not satisfactory, since it
>> produces a
>> page with the config menus, etc.  I suppose what I want then
>> is to produce
>> my own "manage_test" handler.
>>
>
>Nope, I think your missing a little piece of Zen here.  What it sounds
>like you want to do is call a ZSQL method and format the data in your
>own way.  This does not require you writing 'handlers', this can be done
>in straight DTML.
>
><ul>
><!--#in "mySQLMethod(name = REQUEST.name, salary = salaryfilter)"-->
> <li><!--#var name--> gets paid <!--#salary--></li>
><!--#/in-->
></ul>
>
>ZSQL methods return sequences of results.  The results are rows in the
>database which match your SQL query.  Given this, you can impliment an
>HTML form which collects data, whose action="" is to call the DTML
>method which contains the code above, whose job is to call the ZSQL
>method and format the results of the query into an HTML list.
>
>
>The 'manage_test' method is just a hardwired result form, it's magic is
>based exactly on what I've detailed here.
>
>-Michel
>
>> -----Original Message-----
>> From: Alexander Staubo <alex@mop.no>
>> To: Zope Mailing List (E-mail) <zope@zope.org>
>> Date: Sunday, June 20, 1999 10:05 PM
>> Subject: RE: [Zope] Newbie Q: Passing REQUEST.form data to a
>> Z SQL Method
>>
>>
>> >If I understand your problem correctly, you'd like to pass form
>> >variables to the SQL Method? If so, here's one way of doing it:
>> >
>> >  <!--#call "Test_sql(REQUEST)"-->
>> >
>> >This will essentially make REQUEST part of the namespace
>> accessible to
>> >Test_sql. Note that this would lead to problems if your SQL Method
>> >refers to variables that should not be overrideable by
>> REQUEST, such as
>> >security-related "where" conditions.
>> >
>> >To avoid such cases, pass all pertinent variables
>> explicitly, like so:
>> >
>> >  <!--#call "Test_sql(name = REQUEST.name, salary = salaryfilter)"-->
>> >
>> >This prevents malicious users from requesting URLs like
>> >http://www.foo.com/ViewEmployees?name=myname&salary=40000
>> (assuming you
>> >want to block this, of course).
>> >
>> >Does this answer your question?
>> >
>> >--
>> >Alexander Staubo             http://www.mop.no/~alex/
>> >"It has taken the planet Earth 4.5 billion years to discover it is
>> >4.5 billion years old." --George Wald
>> >
>> >>-----Original Message-----
>> >>From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
>> >>Rafael Alvarado
>> >>Sent: 21. juni 1999 04:01
>> >>To: zope@zope.org
>> >>Subject: [Zope] Newbie Q: Passing REQUEST.form data to a Z
>> SQL Method
>> >>
>> >>
>> >>I have a Z SQL Method that takes an argument.  It was
>> >>constructed with the
>> >>"Add" --> "Z SQL Method" form.  The method works fine when the
>> >>argument is
>> >>provided by the automatically built search interface when
>> testing it.
>> >>
>> >>Now, how do I have the argument value supplied by a DTML page
>> >>that passes
>> >>the value directly as a REQUEST.form object?
>> >>
>> >>It seems that this should be a very simply problem, yet I have
>> >>search all
>> >>available documents for an answer without success.  Thanks to
>> >>anyone who can
>> >>help
>> >>
>> >>Rafael C. Alvarado, Coordinator of Humanities and Social
>> >>Sciences Computing
>> >>McGraw Center for Teaching and Learning, Princeton University
>> >>C-15-E Firestone Library, alvarado@princeton.edu
>> >>
>> >>
>> >>_______________________________________________
>> >>Zope maillist  -  Zope@zope.org
>> >>http://www.zope.org/mailman/listinfo/zope
>> >>
>> >>(For developer-specific issues, use the companion list,
>> >>zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
>> >>
>> >
>> >
>> >_______________________________________________
>> >Zope maillist  -  Zope@zope.org
>> >http://www.zope.org/mailman/listinfo/zope
>> >
>> >(For developer-specific issues, use the companion list,
>> >zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
>> >
>>
>>
>> _______________________________________________
>> Zope maillist  -  Zope@zope.org
>> http://www.zope.org/mailman/listinfo/zope
>>
>> (For developer-specific issues, use the companion list,
>> zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
>>
>