On Fri, Sep 29, 2000 at 06:19:35PM +0300, Erno Kuusela wrote:
Hello,
i'm obviously missing something obvious, but how does one execute arbitrary sql statements from an external method?
Look at http://www.zope.org/Members/jpenny/Accessing_a_ZSQL_Method_from_an_External_... Now think about a SQL method with parameter body and template like: <dtml-var body> You can now do anything by supplying body as an argument. Note. This is really BAD idea. By doing this, you will construct a web accessible method which permits anyone with access rights to the external method to do anything at all your database. Not good. Even though it is irritating from a programmer's point of view, it is much better to define a series of restricted ZSQL methods that do as little as possible. This permits far more damage control.
-- erno