Hi All,

I tried to build a search feature using sql in zope, this is what I normally do in sql to do a range search :

select * from table1 where table1_id = %field1_value%

But when I try it with zope, it will become

select * from table1 where table1_id = %'value'%

Which returns an error :

[ODBC Microsoft Access 97 Driver] Syntax error in query expression 'table1_id alike %'field1_value'%'.")

Any idea or work around ??

Please help

Cheers
Wai

In article <OFBC47DDAE.CAD19DCB-ON482568F2.002C14D2@mahirnet.com>, wai@mahirnet.com writes
Hi All,
I tried to build a search feature using sql in zope, this is what I normally do in sql to do a range search :
select * from table1 where table1_id = %field1_value%

where table1_id = <dtml-sqlvar "'%'+ field1_value + '%'" type=string>

--
Regards, Graham Chiu
gchiu<at>compkarori.co.nz
http://www.compkarori.co.nz/index.php
Powered by Interbase and Zope

<dtml-sqlvar " '%' + _.string.strip(field1_value) + '%'" type=string>

----- Original Message -----
From: <wai@mahirnet.com>
To: <zope@zope.org>
Sent: Friday, June 02, 2000 3:10 AM
Subject: [Zope] Using sql to search in zope

Hi All,

I tried to build a search feature using sql in zope, this is what I normally do in sql to do a range search :

select * from table1 where table1_id = %field1_value%

But when I try it with zope, it will become

select * from table1 where table1_id = %'value'%

Which returns an error :

[ODBC Microsoft Access 97 Driver] Syntax error in query expression 'table1_id alike %'field1_value'%'.")

Any idea or work around ??

Please help

Cheers
Wai

_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )

On Fri, 2 Jun 2000 wai@mahirnet.com wrote:
I tried to build a search feature using sql in zope, this is what I normally do in sql to do a range search :
select * from table1 where table1_id = %field1_value%
But when I try it with zope, it will become
select * from table1 where table1_id = %'value'%

The quoting is there to protect you (if value contains the SQL delimiter ';' or whatever it is in Access, bad things can happen and might be a big hairy security hole). Try:

<dtml-let field1_value="'%' + field1_value + '%'">
select * from table1
where <dtml-sqltest field1_value column=table1_id type=nb>
</dtml-let>

You might need an 'op=like' attribute to the sqltest tag (I don't know Access).

--
Stuart Bishop                          Work: zen@cs.rmit.edu.au
Senior Systems Alchemist               Play: zen@shangri-la.dropbear.id.au
Computer Science, RMIT University

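The approach the replies converge on, joining the % wildcards to the value before it is quoted, shown as an added example that is not from the thread or from Zope. It uses Python's sqlite3 with a bound parameter in place of Access and the DTML tags; the helper names, the sample rows and the extra escaping of % and _ typed by the user are assumptions that go beyond what the thread covers.

```python
import sqlite3

ESC = "\\"  # LIKE escape character (assumption: backslash)

def like_contains(term):
    """Wrap term in % wildcards; %, _ and ESC typed by the user match literally."""
    for ch in (ESC, "%", "_"):          # escape ESC itself first
        term = term.replace(ch, ESC + ch)
    return "%" + term + "%"

def search(conn, field1_value):
    # The wildcards travel inside the bound value, so the driver quotes the
    # whole pattern as one string; nothing from the user reaches the SQL text.
    sql = ("SELECT table1_id FROM table1 "
           "WHERE table1_id LIKE ? ESCAPE '\\' ORDER BY table1_id")
    pattern = like_contains(field1_value.strip())
    return [row[0] for row in conn.execute(sql, (pattern,))]

def make_demo_db():
    # Constructed sample rows, not data from the thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table1 (table1_id TEXT)")
    conn.executemany("INSERT INTO table1 VALUES (?)",
                     [("AB-100",), ("AB-200",), ("CD-100",), ("50%_off",)])
    return conn

if __name__ == "__main__":
    db = make_demo_db()
    for value in ("AB", " 100 ", "%", "x'; DROP TABLE table1; --"):
        print(repr(value), "->", search(db, value))
```

A lone "%" typed into the search box matches only the row that contains a percent sign, and input carrying a quote and ';' is compared as plain data.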
participants (4): Graham Chiu, Jim Sanford, Stuart 'Zen' Bishop, wai@mahirnet.com