Parameterizing dtml-sqltest's column?
I would like to write a general purpose table row extractor and the column parameter to dtml-sqltest is driving me crazy. Here is what I would _like_ to do (simplified slightly): <params>Table Row</params> select * from <dtml-var Table> <dtml-sqlgroup where> <dtml-if Row> <dtml-in expr="Row.keys()"> <dtml-unless sequence-start>and</dtml-unless> <dtml-let Value="Row[_.getitem('sequence-item')]"> <dtml-sqltest Value column="_.getitem('sequence-item')" type=string> </dtml-let> </dtml-in> </dtml-if> </dtml-sqlgroup> But this expands to having the column equal to the literal text "_.getitem('sequence-item')", i.e. no interpretation is done. Is there a way to do this or do I have to leave all my SQL unprotected? TIA, Sincerely, Richard Wesley Co-President, Electric Fish, Inc. <http://www.electricfish.com/> (v) +1-206-493-1690x210 (f) +1-206-493-1697
Richard Wesley writes:
... <dtml-sqltest Value column="_.getitem('sequence-item')" type=string> ... But this expands to having the column equal to the literal text "_.getitem('sequence-item')", i.e. no interpretation is done.
Is there a way to do this or do I have to leave all my SQL unprotected? "dtml-sqltest" does not provide such a way (you can extend it along the line of other "XXX_expr" attributes. You find examples, e.g. in "Products/MailHost/SendMailTag").
You can however use the more elementary "dtml-sqlvar". The above "dtml-sqltest", e.g., can be emulated by: <dtml-var expr="_.getitem('sequence-item')" sql_quote> = <dtml-sqlvar Value type=string> Be careful about security! Dieter
At 9:52 PM +0200 10/25/02, Dieter Maurer wrote:
Richard Wesley writes:
... <dtml-sqltest Value column="_.getitem('sequence-item')" type=string> ... But this expands to having the column equal to the literal text "_.getitem('sequence-item')", i.e. no interpretation is done.
Is there a way to do this or do I have to leave all my SQL unprotected? "dtml-sqltest" does not provide such a way (you can extend it along the line of other "XXX_expr" attributes. You find examples, e.g. in "Products/MailHost/SendMailTag").
You can however use the more elementary "dtml-sqlvar".
The above "dtml-sqltest", e.g., can be emulated by:
<dtml-var expr="_.getitem('sequence-item')" sql_quote> = <dtml-sqlvar Value type=string>
Be careful about security!
Thank you Dieter. I have to say that after I posted this, I checked my code and I am in fact using dtml-sqlvar, so I should be OK. It would just have been nice to be able to use the multiple tag. Sincerely, Richard Wesley Co-President, Electric Fish, Inc. <http://www.electricfish.com/> (v) +1-206-493-1690x210 (f) +1-206-493-1697
participants (2)
-
Dieter Maurer -
Richard Wesley