On Tue, Sep 18, 2001 at 03:32:39PM -0600, ed colmar wrote:
Hi All.
Jim and several others were helping me to get my variable SQL methods working right. They're great and do everything I want from the test window. When I call them from my external method, they come back with a REQUEST error.
This is how I call it:
    mastertablename = "sometablename"
    self.SQL_create_master_table(mastertablename=mastertablename)
This has not been tested, and I make no representation that it works. try:
    REQUEST.set('mastertablename', 'sometablename')
    self.SQL_create_master_table(mastertablename=mastertablename)
or maybe (if you have not a REQUEST at hand)
    self.REQUEST.set('mastertablename', 'sometablename')
    self.SQL_create_master_table(mastertablename=mastertablename)
Then I get:
    Error Type: Bad Request
    Error Value: ['mastertablename']
What's the syntax to shove this variable and its value inside the request? Or am I doing something else wrong?
Thanks everyone!
-ed-
Again, just so everyone is aware. You have to do your own enforcement and/or quote checking if you do this. You want to be real sure that the user cannot supply something like 'table test (garbage text); drop table my_lifes_work' as the value for mastertablename. At the very least you want to reject any names with semicolons or periods, and probably want mastertablename to be a span of [a-z0-9].
CREATE TABLE <dtml-var mastertablename> ( .... )
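The allowlist check the reply asks for, as an added example that is not part of the original thread, written in current Python rather than the Zope 2 code of the time. The names `checked_table_name`, `render_create`, `create_master_table` and `BadTableName` are hypothetical, the `%s` template is a constructed stand-in for the `<dtml-var mastertablename>` statement, and the leading-letter rule and 63-character cap are assumptions added on top of the `[a-z0-9]` span.

```python
import re

# Allowlist from the reply: a span of [a-z0-9]. The leading-letter rule and
# the 63-character cap are added assumptions (common SQL identifier limits).
_TABLE_NAME = re.compile(r"[a-z][a-z0-9]{0,62}")

# Constructed stand-in for the page's template:
#   CREATE TABLE <dtml-var mastertablename> ( .... )
_TEMPLATE = "CREATE TABLE %s (id integer)"


class BadTableName(ValueError):
    """Raised when a caller-supplied table name fails the allowlist."""


def checked_table_name(name):
    """Return name unchanged if it is a safe identifier, else raise."""
    # fullmatch (not match/search) so trailing text such as
    # "; drop table ..." or a newline cannot ride along after a valid prefix.
    if not isinstance(name, str) or _TABLE_NAME.fullmatch(name) is None:
        raise BadTableName("rejected table name: %r" % (name,))
    return name


def render_create(name):
    """Render the statement only after the name has passed the check."""
    return _TEMPLATE % checked_table_name(name)


def create_master_table(sql_method, name):
    """Hypothetical External Method body: validate, then call the SQL method.

    sql_method stands in for self.SQL_create_master_table from the thread.
    """
    return sql_method(mastertablename=checked_table_name(name))


if __name__ == "__main__":
    hostile = "table test (garbage text); drop table my_lifes_work"  # from the reply
    for candidate in ("sometablename", hostile, "my.table", "orders\n"):
        try:
            print("OK      ", render_create(candidate))
        except BadTableName as exc:
            print("REJECTED", exc)
```

Because the name is interpolated into the statement text rather than bound as a parameter, the check has to run on every path that reaches the SQL method, not only on form input.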