Cannot pass parameters to Externa Method From inside a DTML Method
I have in my "Extensions" folder the file "TestODBCEM.py" witch contains the following code to select and return 40 rows by 8 columns of a query: def TestODBCEM(self, sysDSN="defDSN", usr="defUsr", mypass="defPass", sSQL="SELECT * FROM defTable", xx=40, yy=8): id = self.id import dbi import odbc connection=odbc.odbc(sysDSN+'/'+usr+'/'+mypass) cur=connection.cursor() cur.execute(sSQL) data=cur.fetchall() a="" for x in range(0,int(xx)): for y in range(0,int(yy)): if data[x][y]=="": a=a+"Null"+"---" else: a=a+str(data[x][y])+" --- " a=a+"\n" return data I have used it and created an External Method in my Zope name "TestODBCEM" next i created a DTML Method named "GetQueryParamsDTML" with the following : <html> <head> </head> I will connect using : "<dtml-var id>" System DSN Type the query to execute... <form name="Params" action="./TestODBCEM" method="POST"> <input type="hidden" name="sysDSN:string" value=<dtml-var id>> The SQL Query to be executed against the above DSN connection <input name="sSQL:string"><br> <input type="hidden" name="mypass:string" value=<dtml-var passWD>><br> <input type="hidden" name="usr:string" value=<dtml-var usrID>><br> <input type="submit" value=" Execute "><br> </form> </html> and everything is ok as it returns something like this : [(1, 1054, 1001, '\xc1\xd0\xcf\xd3\xc2', 1001, 101, '\xc1\xd0\xcf\xd3\xc2\xc5\xd3\xc5\xc9\xd3 \xd7\xd1\xc7\xd3\xc7\xd3', None, 1, None, None, None, None, None, 1, 1, 0, None, None, None, None, None, 1054, 1054, 1, 0, 0, 0, None, None, None, 0, None, None, None, 0, None, None, None, 0, 0, 0, None, None, None, 0, 0), (1, 1054, 9001, '\xc1\xd0\xcf\xd..... Now i want to format the results to show them so i change my "GetQueryParamsDTML" as follows: <html> <head> </head> I will connect using : "<dtml-var id>" System DSN Type the query to execute... <form name="Params" action="./ShowResults" method="POST"> <input type="hidden" name="sysDSN:string" value=<dtml-var id>> The SQL Query to be executed against the above DSN connection <input name="sSQL:string"><br> <input type="hidden" name="mypass:string" value=<dtml-var passWD>><br> <input type="hidden" name="usr:string" value=<dtml-var usrID>><br> <input type="submit" value=" Execute "><br> </form> </html> Now it calls another DTML Method named "ShowResults" witch reads like this: <dtml-var standard_html_header> <table border="1"> <dtml-in TestODBCEM> <dtml-if sequence-even> <tr bgcolor="lightgreen"> <dtml-else> <tr> </dtml-if> <dtml-in sequence-item> <td><dtml-var sequence-item></td> </dtml-in> </tr> </dtml-in> <dtml-var standard_html_footer> The problem know is that, althought the params of the GetQueryParamsDTML is passed to ShowResults through the REQUEST, the TestODBCEM does not use them. Instead the code is always using the defValues of its def line. When i was calling ./TestODBC from GetQueryParamsDTML it was using the parameters i was submiting. I tried to change the follong line of ShowResults : <dtml-in TestODBCEM> to: <dtml-in expr="TestODBCEM('<dtml-var sysDSN>', '<dtml-var usr>', '<dtml-var mypass>', '<dtml-var sSQL>')"> but this one gives me an AttributeError ('str' object has no attribute 'id'). Does anyone know what am i doing wrong? I would apreciate it if you could help me. I use Zope 2.7.0 on windows XP PRO, witch i use after installing Plone 2.0.5 executable installer. It uses Python 2.3.3 Thanks in advance. Thomas Apostolou ___________________________________________________________ Χρησιμοποιείτε Yahoo!; Βαρεθήκατε τα ενοχλητικά μηνύματα (spam); Το Yahoo! Mail διαθέτει την καλύτερη δυνατή προστασία κατά των ενοχλητικών μηνυμάτων http://login.yahoo.com/config/mail?.intl=gr
Am Donnerstag, den 04.08.2005, 11:31 +0100 schrieb Thomas Apostolou:
I have in my "Extensions" folder the file "TestODBCEM.py" witch contains the following code to select and return 40 rows by 8 columns of a query:
def TestODBCEM(self, sysDSN="defDSN", usr="defUsr", mypass="defPass", sSQL="SELECT * FROM defTable", xx=40, yy=8): id = self.id import dbi import odbc connection=odbc.odbc(sysDSN+'/'+usr+'/'+mypass) cur=connection.cursor() cur.execute(sSQL) data=cur.fetchall() a="" for x in range(0,int(xx)): for y in range(0,int(yy)): if data[x][y]=="": a=a+"Null"+"---" else: a=a+str(data[x][y])+" --- " a=a+"\n" return data
This is not a good idea anyway. 1) it lets every user knowing the external method connect to every database on your host (depending on credentials if any) 2) even worser it enables the user to issue any raw SQL string to the database, including but not limited to DROP table; DROP database; etc. 3) by not using ZOPEs infrastructure (read: Z(yourdb)DA, ZSQL-Methods), you have the expensive connect operation every time, loose the ability to easily work with zopes transactions, have to quote and unquote values and so on. So get a ZODBCDa or something like that and use it.
I have used it and created an External Method in my Zope name "TestODBCEM"
next i created a DTML Method named "GetQueryParamsDTML" with the following :
<html> <head> </head> I will connect using : "<dtml-var id>" System DSN Type the query to execute... <form name="Params" action="./TestODBCEM" method="POST"> <input type="hidden" name="sysDSN:string" value=<dtml-var id>> The SQL Query to be executed against the above DSN connection <input name="sSQL:string"><br> <input type="hidden" name="mypass:string" value=<dtml-var passWD>><br> <input type="hidden" name="usr:string" value=<dtml-var usrID>><br> <input type="submit" value=" Execute "><br> </form> </html>
and everything is ok as it returns something like this : [(1, 1054, 1001, '\xc1\xd0\xcf\xd3\xc2', 1001, 101, '\xc1\xd0\xcf\xd3\xc2\xc5\xd3\xc5\xc9\xd3 \xd7\xd1\xc7\xd3\xc7\xd3', None, 1, None, None, None, None, None, 1, 1, 0, None, None, None, None, None, 1054, 1054, 1, 0, 0, 0, None, None, None, 0, None, None, None, 0, None, None, None, 0, 0, 0, None, None, None, 0, 0), (1, 1054, 9001, '\xc1\xd0\xcf\xd.....
Now i want to format the results to show them so i change my "GetQueryParamsDTML" as follows:
<html> <head> </head> I will connect using : "<dtml-var id>" System DSN Type the query to execute... <form name="Params" action="./ShowResults" method="POST"> <input type="hidden" name="sysDSN:string" value=<dtml-var id>> The SQL Query to be executed against the above DSN connection <input name="sSQL:string"><br> <input type="hidden" name="mypass:string" value=<dtml-var passWD>><br> <input type="hidden" name="usr:string" value=<dtml-var usrID>><br> <input type="submit" value=" Execute "><br> </form> </html>
Now it calls another DTML Method named "ShowResults" witch reads like this:
<dtml-var standard_html_header> <table border="1"> <dtml-in TestODBCEM>
here you would write: <dtml-in expr="TestODBCEM(sysDSN=sysDSN, ...)"> because your external Method does not magically read the REQUEST object. (You could do that there by using self.REQUEST.get('sysDSN','default') )
<dtml-if sequence-even> <tr bgcolor="lightgreen"> <dtml-else> <tr> </dtml-if> <dtml-in sequence-item> <td><dtml-var sequence-item></td> </dtml-in> </tr> </dtml-in> <dtml-var standard_html_footer>
The problem know is that, althought the params of the GetQueryParamsDTML is passed to ShowResults through the REQUEST, the TestODBCEM does not use them. Instead the code is always using the defValues of its def line. When i was calling ./TestODBC from GetQueryParamsDTML it was using the parameters i was submiting.
I tried to change the follong line of ShowResults : <dtml-in TestODBCEM> to: <dtml-in expr="TestODBCEM('<dtml-var sysDSN>', '<dtml-var usr>', '<dtml-var mypass>', '<dtml-var sSQL>')">
but this one gives me an AttributeError ('str' object has no attribute 'id').
Does anyone know what am i doing wrong? I would apreciate it if you could help me.
See also: http://www.plope.com/Books/2_7Edition/RelationalDatabases.stx -- Tino Wildenhain <tino@wildenhain.de>
This is not a good idea anyway. 1) it lets every user knowing the external method connect to every database on your host (depending
on credentials if any)
2) even worser it enables the user to issue any raw SQL string to the database, including but not limited to DROP table; DROP database; etc.
This is not be the real thing on the site. It is just what i develop and see. The site is not up yet and the interface and the credentials are not set. I just have the spefific interface now for trying-testing-learning. I can see your point and agree 100%
3) by not using ZOPEs infrastructure (read: Z(yourdb)DA, ZSQL-Methods), you have the expensive connect operation every time, loose the ability to easily work with zopes transactions, have to quote and unquote values and so on.
So get a ZODBCDa or something like that and use it.
I have allready used that and i am trying what i wrote just for learning some python and do some custom things. I am sure you are right and sooner or later i will also prefer what you suggest (when i know more about what zopes transactions etc. are about) after reading some more on the Zope book.
here you would write:
<dtml-in expr="TestODBCEM(sysDSN=sysDSN, ...)">
because your external Method does not magically read the REQUEST object. (You could do that there by using self.REQUEST.get('sysDSN','default') )
I knew that it should be some other way that the correct syntax should be used. i had wrote <dtml-in expr="TestODBCEM('<dtml-var sysDSN>','<dtml-var usr>', '<dtml-var mypass>', '<dtml-var sSQL>')"> witch was realy wrong and maybe stupid, but i'm sure i'll get better soon with that kind of community and documentation. I am realy sory if i ask some stupid questions but as i told you i will soon get better. Thank you very much for both DTML and Python.
See also:
http://www.plope.com/Books/2_7Edition/RelationalDatabases.stx
-- Tino Wildenhain <tino@wildenhain.de>
Thank you for your precious help on this. Thomas Apostolou ___________________________________________________________ Χρησιμοποιείτε Yahoo!; Βαρεθήκατε τα ενοχλητικά μηνύματα (spam); Το Yahoo! Mail διαθέτει την καλύτερη δυνατή προστασία κατά των ενοχλητικών μηνυμάτων http://login.yahoo.com/config/mail?.intl=gr
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thomas Apostolou wrote:
The problem know is that, althought the params of the GetQueryParamsDTML is passed to ShowResults through the REQUEST, the TestODBCEM does not use them. Instead the code is always using the defValues of its def line. When i was calling ./TestODBC from GetQueryParamsDTML it was using the parameters i was submiting.
I tried to change the follong line of ShowResults : <dtml-in TestODBCEM> to: <dtml-in expr="TestODBCEM('<dtml-var sysDSN>', '<dtml-var usr>', '<dtml-var mypass>', '<dtml-var sSQL>')">
but this one gives me an AttributeError ('str' object has no attribute 'id').
inside 'expr=".,."', you are writing a Python expression, and thus don't need the '<dtml-var>' bit. Try: <dtml-in expr="TextODBCEM(myDSN, usr, mypass, aSQL)"> I would recommend investing in a good Zope reference, e.g. the Zope 2.7 version of "The Zope Book": http://www.plope.com/Books/2_7Edition Tres. - -- =================================================================== Tres Seaver +1 202-558-7113 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC81a5+gerLs4ltQ4RAtiJAJ4+uQuhIMBtUACVaJ1UeLp1o0D+wACcDTo9 U1IszKaOUHyjyeeEA+cJjL4= =OD7J -----END PGP SIGNATURE-----
participants (3)
-
Thomas Apostolou -
Tino Wildenhain -
Tres Seaver