Sean G Richards writes:
Hello, I am trying to build an SQL statement in a form, and then pass the statement onto a Z SQL method, for execution. something like
< form action="search_results" method="get">
<input type="text" name="select_statement" value="SELECT name, phone_number, address FROM black_book WHERE" size=20>
<select name="where_statement" size=3> <option value=" name = 'jennifer' ">Jennifer <option value=" name='anne' " > Anne <option value=" name='alice' ">Alice </select>
<input type="hidden" name="cat_both_previous_statements" value="<dtml-sqlvar select_statement type=string> <dtml-sqlvar where_statement type=string>">
<input type="SUBMIT" name="SUBMIT" value="SUBMIT"> </form>
I understand that this isn't the correct way to do this, ....
Note: you let the form fill in the browser but you build the SQL in the server, more precisely the "search_result" object. The form should only contain fields that need be changed by the user (and texts to help the user to fill the fields). Thus, usually, your form would not have a field with a "select statement", unless the user should be able to change this, e.g. into an "insert" statement or something (DANGER!). As an simple xample, you may have: <form action=search> Name to Search for: <select name=name size=3> <option value="jennifer">Jennifer .... </select><br> <input type=submit> </form> On the server side, you would usually use a Z SQL Method to do the actual search. See the Z SQL Method guide at Zope.org/Documentation for examples. Your method would probably have a parameter "name" (the same you used for your form field!). The "search" DTML method could then be: <dtml-var standard_html_header> <dtml-in ZSQLMethod> <dtml-var name> <dtml-var phone_number> <dtml-var address><br> </dtml-in> <dtml-var standard_html_footer> Look at other examples in the Z SQL Method guide. Dieter