Hi.

Thanks for the pointers in my previous question. After I knew what to search for, I looked up several Zope docs and did what I wanted. However, I would like to ask some more questions:

I have the following statement:

    <dtml-in searchField>
      OR FirstNameMI like <dtml-sqlvar sequence-item type="string">
      OR LastName like <dtml-sqlvar sequence-item type="string">
    </dtml-in>

Where searchField is returned as searchField:tokens. So far so good. I want to put % in front, and after every keyword. So I try something like:

    FirstNameMI like <dtml-sqlvar expr='%'+sequence-item+'%' type="string">

However, because now I use an assignment operator for an expression, Zope takes sequence-item as two separate things, sequence minus item. Is there a way to work around this? I tried everything I could think of, but still the same. I would like to avoid having to use a simple dtml-var because I read in the docs that it's better for security this way (e.g. someone can't write DELETE * FROM tableName in the query).

My final question is regarding the previous, next results navigation options (e.g. Previous 5 results, or Next 5 results). How can I have these two side by side? It seems that if I take the previous results link from the top and put it at the bottom, it doesn't appear, because there are some <dtml-if> statements before.

Thanks in advance,
Alex

Alexander Batzios wrote:
Part 1.1 Type: Plain Text (text/plain) Encoding: quoted-printable
usually i don't read attachments, especially if they contain long lines which urge me to scroll hor

maybe i understand it wrong, but

a) "LIKE" operators AFAIK cannot be made w <dtml-sqltest ...>, so you had to fall back to

    COLNAME LIKE %<dtml-var ...>%

(from the top of my head, syntax is most probably wrong) inserting the %-signs by slowhand. for security, make sure your var doesn't contain apostrophes

b) prev/next: apart from http://www.zope.org/Members/michel/ZB, there were examples in (needs some fiddling) http://www.zope.org/Documentation/Guides/DTML-HTML/DTML.html

hans

-------------------------------------------------------------
Who's got only a hammer sees the world as a nail
hans augustin (software developer) hans@beehive.de
beehive elektronische medien GmbH http://www.beehive.de
phone: +49 30 847-82 0 fax: +49 30 847-82 299

[Alexander Batzios]

... Where searchField is returned as searchField:tokens. So far so good. I want to put % in front, and after every keyword. So I try something like:

    FirstNameMI like <dtml-sqlvar expr='%'+sequence-item+'%' type="string">

However, because now I use an assignment operator for an expression, Zope takes sequence-item as two separate things, sequence minus item. Is there a way to work around this? I tried everything I could think of, but still the same. I would like to avoid having to use a simple dtml-var because I read in the docs that it's better for security this way (e.g. someone can't write DELETE * FROM tableName in the query).

[Tom P]

Use _['sequence-item'], or &dtml-sequence-item; (any DTML variable can be referred to in this way, not just sequence-item). You also want to use double quotes around the entire expression;

    <dtml-sqlvar expr="'%'+_['sequence-item']+'%'" type="string">

Tom P

participants (3): Alexander Batzios, hans, Thomas B. Passin
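
An added example, not part of the original thread: the same tokens-to-LIKE search written in Python with sqlite3 bound parameters, which play the role dtml-sqlvar plays in the ZSQL method, so an apostrophe in a keyword is data rather than SQL. The `people` table, its rows and the helper names are constructed for illustration; escaping % and _ inside each keyword goes beyond what the thread discusses.

```python
import sqlite3

def like_pattern(token, esc="\\"):
    """Wrap one keyword in % wildcards, escaping LIKE metacharacters inside it."""
    for ch in (esc, "%", "_"):          # escape the escape character first
        token = token.replace(ch, esc + ch)
    return "%" + token + "%"

def build_search(tokens):
    """Return (sql, params): one bound LIKE pair per keyword, like the dtml-in loop."""
    clauses, params = [], []
    for tok in tokens:
        clauses.append("FirstNameMI LIKE ? ESCAPE '\\' OR LastName LIKE ? ESCAPE '\\'")
        params += [like_pattern(tok)] * 2
    where = " OR ".join(clauses) if clauses else "0"   # no keywords: match nothing
    return "SELECT FirstNameMI, LastName FROM people WHERE " + where, params

def search(conn, search_field):
    """Split the field on whitespace (as searchField:tokens does) and run the query."""
    sql, params = build_search(search_field.split())
    return sorted(conn.execute(sql, params).fetchall())

def demo_db():
    """Constructed sample data, including an apostrophe and LIKE metacharacters."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (FirstNameMI TEXT, LastName TEXT)")
    conn.executemany("INSERT INTO people VALUES (?, ?)", [
        ("Alex B", "Batzios"), ("Tom P", "O'Brien"), ("Hans", "100%_sure")])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    for query in ("atz", "O'Br", "%", "x' OR '1'='1"):
        print(repr(query), "->", search(conn, query))
```
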