25 Oct 2002, 7:52 p.m.
Richard Wesley writes:
> ... <dtml-sqltest Value column="_.getitem('sequence-item')" type=string> ...
> But this expands to having the column equal to the literal text "_.getitem('sequence-item')", i.e. no interpretation is done.
>
> Is there a way to do this or do I have to leave all my SQL unprotected?

"dtml-sqltest" does not provide such a way (you can extend it along the lines of other "XXX_expr" attributes. You find examples, e.g. in "Products/MailHost/SendMailTag").

You can however use the more elementary "dtml-sqlvar". The above "dtml-sqltest", e.g., can be emulated by:

    <dtml-var expr="_.getitem('sequence-item')" sql_quote> = <dtml-sqlvar Value type=string>

Be careful about security!

Dieter
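
A column name chosen at run time cannot be sent as a bound parameter, so the caution in the reply comes down to checking that name before it reaches the SQL text while the value stays bound. The following is an added example in Python, not code from the original post or from Zope; the table, the column names and the helper functions are hypothetical, and sqlite3 stands in for the real database.

```python
import re
import sqlite3

# Hypothetical column names, constructed for this example.
ALLOWED_COLUMNS = {"name", "city", "email"}
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_column_test(column, allowed=ALLOWED_COLUMNS):
    """Return '"column" = ?' for a column chosen at run time.

    The column name becomes part of the SQL text, so it must be a plain
    identifier from the known set; the value stays a placeholder that the
    driver binds.
    """
    if not isinstance(column, str) or not IDENTIFIER.fullmatch(column):
        raise ValueError("not a plain SQL identifier: %r" % (column,))
    if column not in allowed:
        raise ValueError("column not allowed: %r" % (column,))
    return '"%s" = ?' % column


def find_people(conn, column, value):
    """Select names where the run-time column equals the bound value."""
    sql = "SELECT name FROM people WHERE " + build_column_test(column)
    return [row[0] for row in conn.execute(sql, (value,))]


def demo():
    """Run both cases against a constructed in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, city TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO people VALUES (?, ?, ?)",
        [("alice", "Oslo", "a@example.org"),
         ("bob", "O'Fallon", "b@example.org")],
    )
    # The quote inside the value is bound by the driver, never spliced.
    hits = find_people(conn, "city", "O'Fallon")
    try:
        # Constructed input carrying SQL syntax; rejected before any query.
        find_people(conn, "city = city OR name", "x")
        rejected = False
    except ValueError:
        rejected = True
    return hits, rejected


if __name__ == "__main__":
    print(demo())
```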