Re: [Zope] variable SQL statements - from external methods
Hi All. Jim and several others were helping me to get my variable SQL methods working right. They're great and do everything I want form the test window. When I call them from my external method, they come back with a REQUEST error. This is how I call it: mastertablename = "sometablename" self.SQL_create_master_table(mastertablename=mastertablename) Then I get: Error Type: Bad Request Error Value: ['mastertablename'] Whats the syntax to shove this variable and it's value inside the request? Or am I doing something else wrong? Thanks everyone! -ed-
CREATE TABLE <dtml-var mastertablename> ( .... )
On Tue, Sep 18, 2001 at 03:32:39PM -0600, ed colmar wrote:
Hi All.
Jim and several others were helping me to get my variable SQL methods working right. They're great and do everything I want form the test window. When I call them from my external method, they come back with a REQUEST error.
This is how I call it: This has not been tested, an I make no representation that it works. try:
mastertablename = "sometablename" self.SQL_create_master_table(mastertablename=mastertablename)
REQUEST.set('mastertablename', 'sometablename') self.SQL_create_master_table(mastertablename=mastertablename) or maybe (if you have not a REQUEST at hand) self.REQUEST.set('mastertablename', 'sometablename') self.SQL_create_master_table(mastertablename=mastertablename)
Then I get:
Error Type: Bad Request Error Value: ['mastertablename']
Whats the syntax to shove this variable and it's value inside the request? Or am I doing something else wrong?
Thanks everyone!
-ed-
Again, just so everyone is aware. You have to do your own enforcement and/or quote checking if you do this. You want to be real sure that the user cannot supply something like 'table test (garbage text); drop table my_lifes_work' as the value for mastertablename. At the very least you want to reject any names with semicolons or periods, and probably want mastertablename to be a span of [a-z0-9].
CREATE TABLE <dtml-var mastertablename> ( .... )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[ed colmar]
Jim and several others were helping me to get my variable SQL methods working right. They're great and do everything I want form the test
window.
When I call them from my external method, they come back with a REQUEST error.
This is how I call it:
mastertablename = "sometablename" self.SQL_create_master_table(mastertablename=mastertablename)
Then I get:
Error Type: Bad Request Error Value: ['mastertablename']
Whats the syntax to shove this variable and it's value inside the request? Or am I doing something else wrong?
I suggest that you don't call your SQL methods from an external method at all. Instead, get the data you need for the second SQL query right from the first query (going to an external method if you need to massage it heavily) in your DTML page, execute the second query from the page, then feed that data to an external method if you need to do manipulation on the data. Let each part of the system do what it's good at. The ZSQL method is good at being called from DTML and getting data from a database, and the external method is good at processing data. Send it the data, don't make it run a ZSQL method. I'm not saying you can't - just that it's better this way. Cheers, Tom
ed colmar writes:
.... mastertablename = "sometablename" self.SQL_create_master_table(mastertablename=mastertablename)
Then I get:
Error Type: Bad Request Error Value: ['mastertablename']
Whats the syntax to shove this variable and it's value inside the request? Or am I doing something else wrong? The "syntax" is correct.
Are you sure there is no spelling problem? Dieter
participants (4)
-
Dieter Maurer -
ed colmar -
Jim Penny -
Thomas B. Passin