On Fri, 2 Jun 2000 wai@mahirnet.com wrote:
I tried to build a search feature using sql in zope, this is what I normal do in sql to do a range search :
select * from table1 where table1_id = %field1_value%
But when I try it with zope, it will become
select * from table1 where table1_id = %'value'%
The quoting is there to protect you (if value contains the SQL delimiter ';' or whatever it is in Access, bad things can happen and might be a big hairy security hole). Try: <dtml-let field1_value="'%' + field1_value + '%'"> select * from table1 where <dtml-sqltest field1_value column=table1_id type=nb> </dtml-let> You might need an 'op=like' attribute to the sqltest tag (I don't know Access). -- Stuart Bishop Work: zen@cs.rmit.edu.au Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au Computer Science, RMIT University