Thanks -- your info helps. It isn't precisely what I was looking for, though. What I want to know is how to replace the default data input page for a Z SQL Method that takes arguments with one of my own. In looking at the source of the automatically created search interface, I noticed that the path info "manage_test" is added to the url of the target query, and that the value is passed as a cgi variable. So I've been able to do what I want to do. But is this the "right way to do it" in Zope? -----Original Message----- From: Alexander Staubo <alex@mop.no> To: Zope Mailing List (E-mail) <zope@zope.org> Date: Sunday, June 20, 1999 10:05 PM Subject: RE: [Zope] Newbie Q: Passing REQUEST.form data to a Z SQL Method

If I understand your problem correctly, you'd like to pass form variables to the SQL Method? If so, here's one way of doing it:

<!--#call "Test_sql(REQUEST)"-->

This will essentially make REQUEST part of the namespace accessible to Test_sql. Note that this would lead to problems if your SQL Method refers to variables that should not be overrideable by REQUEST, such as security-related "where" conditions.

To avoid such cases, pass all pertinent variables explicitly, like so:

<!--#call "Test_sql(name = REQUEST.name, salary = salaryfilter)"-->

This prevents malicious users from requesting URLs like http://www.foo.com/ViewEmployees?name=myname&salary=40000 (assuming you want to block this, of course).

Does this answer your question?