23 Jan 2001, 2:45 p.m.
Then change your Z SQL Method to look like:
select * from Customers where foofield=<dtml-sqlvar search type=string> <dtml-if orderby> ORDER BY <dtml-var orderby> </dtml-if>
Hmm, I wouldn't do that, you're trusting the client here. Imagine someone going to

http://yourserver/staff?orderby=firstname%20;%20delete from Customers;

(sufficient dbuser rights assumed).

I would use staff?order_id=1 (2,3,...) etc. and then set orderby via a dictionary (or some simple dtml-ifs).

cheers,
oliver
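
The dictionary approach suggested in the reply above, as an added example in plain Python (not part of the original thread and not Zope or DTML code). It assumes sqlite3 as a stand-in for the Z SQL Method's database connection; the `lastname` and `city` columns, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Allow-list: the client sends a small integer, never SQL text.
# Column names other than firstname are assumed for illustration.
ORDER_COLUMNS = {1: "firstname", 2: "lastname", 3: "city"}
DEFAULT_ORDER_ID = 1


def resolve_order_column(order_id):
    """Map a client-supplied order_id to a fixed column name."""
    try:
        key = int(order_id)
    except (TypeError, ValueError, OverflowError):
        key = DEFAULT_ORDER_ID  # non-numeric input never reaches the SQL
    return ORDER_COLUMNS.get(key, ORDER_COLUMNS[DEFAULT_ORDER_ID])


def find_customers(conn, search, order_id=None):
    """Search value is bound as a parameter; ORDER BY uses the allow-list."""
    column = resolve_order_column(order_id)
    sql = ("SELECT firstname, lastname FROM Customers "
           "WHERE foofield = ? ORDER BY " + column)
    return conn.execute(sql, (search,)).fetchall()


def make_demo_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers "
                 "(firstname TEXT, lastname TEXT, city TEXT, foofield TEXT)")
    conn.executemany("INSERT INTO Customers VALUES (?, ?, ?, ?)", [
        ("Carol", "Adams", "Ulm", "x"),
        ("Alice", "Young", "Bonn", "x"),
        ("Bob", "Miller", "Kiel", "y"),
    ])
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    hostile = "firstname ; delete from Customers;"  # value from the post above
    print(find_customers(db, "x", "2"))
    print(find_customers(db, "x", hostile))
    print(db.execute("SELECT COUNT(*) FROM Customers").fetchone()[0])
```

Only the looked-up column name is ever concatenated into the statement, so the ORDER BY clause can take just the values listed in `ORDER_COLUMNS`.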