Hi, Chris Gray schrieb:
Here's a fragment from a table that allows sorting by clicking the header in a dtml method named 'displayTable':
<table> <tr> <th><a href="displayTable?sort_key=ID+desc">ID</a></th> <th><a href="displayTable?sort_key=product">Product</a> </tr> <dtml-in "SQLSelectQuery(sort_key=REQUEST['sort_key'])">
Then feed sort_key into your SQLSelectQuery to use in an ORDER BY clause.
select * from table order by <dtml-var sort_key>
You schould never do so. Unquoted variables in SQL-statements are high security risc if they came from REQUEST. As an example someone can send a string which ends a statement and begins a new one, like drop table. Instead reference only an index of a list with the columns to sort. oder by <dtml-sqlvar orderindex type=int> is also a solution. The index ranges from 1 to number of returned values. Regards Tino
You can change the properties of an object in DTML by callling its manage_changeProperties method, for example:
<dtml-call expr="foo.manage_changeProperties(bar='New Value')">
will changes the value of foo's bar property to 'New Value'.
There are several ways of getting the effect of assigning variables in DTML, but it really isn't meant to have a direct way of declaring and assigning variables. The way you're trying to use an object's properties will, I believe, cause problems in the case of simultaneous users, because it will act as a global variable.
Cheers, Chris
On Mon, 4 Dec 2000, John Cappelletti wrote:
I am listing the results of a database query using dtml-in. I'd like to be able to give the user the option to re-sort the list by clicking on a column header. ok... I'm starting small with a form and radio buttons to allow the user to specify the sort.
I've created what I believe to be a global variable for this page using the property screen. The variable is to capture the column name for the sort. My simple question is how do I assign a value to this variable inside of the dtml method! I'm not finding a description of variable assignment in the documentation (yeah, I must be missing the obvious).
Any pointers would be appreciated. (also, know if anyone has implemented interactive sort by column header?)