Hi.
This is one of the first times I'm working with Zope and databases.
Until now - if I wanted to work with a database, I always created a Z SQL method that I called from my DTML-method via
<dtml-call "add_item(param1 = ..., param2 = ..., param3 = ..., ...)"> (for example) or <dtml-in get_items> ... </dtml-in> (for example)
In the Z SQL method 'add_item' or 'get_items', my SQL statements are defined.
My question is now: Do I have to define one Z SQL Method for every SQL statement I want to perform on my database or is it possible to define SQL-statements and database requests in my DTML-method?
Am I missing something? Any idea? Thanks a lot.
Regards, Marc mailto:lutschi72@gmx.net
Zope differs from PHP and ASP systems in this regard. I don't think anyone using Zope that I've seen inlines SQL inside DTML. The separation of SQL and presentation via DTML is intentional. Though it's not always as expedient, the intent of the separation is to provide you with layers of abstraction that make it easier to maintain and modify your code later.
That said, I imagine you could do it by constructing a string inside DTML that has the SQL query and passing it in to a dummy SQL method that performs the query and returns the results.
Marc LUDWIG wrote:
My question is now:
Do I have to define one Z SQL Method for every SQL statement I want to perform on my database or is it possible to define SQL-statements and database requests in my DTML-method?
Am I missing something? Any idea? Thanks a lot.
For the most part all a ZSQL method does is use some specialized DTML syntax to construct a string that is your SQL query. You can create a ZSQL method, say "GenericSQL", that has 1 parameter, let's call it "SQLStatement", whose sole DTML statement is "<dtml-var SQLStatement>".
To use it you would do this:
<dtml-in "GenericSQL(SQLStatement='select * from the_table where the_var = \'var_value\'')"> ... </dtml-in>
You can replace the literal string with a string variable like from a field on a form where you entered your SQL statement.
I use this method extensively.
Jim Sanford
----- Original Message ----- From: "Marc LUDWIG" <lutschi72@gmx.net> To: <zope@zope.org>; <zope-dev@zope.org> Sent: Sunday, June 18, 2000 3:08 PM Subject: [Zope] sql-statements in DTML-Methods....
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
On Mon, Jun 19, 2000 at 08:50:14AM -0500, Jim Sanford wrote:
For the most part all a ZSQL method does is use some specialized DTML syntax to construct a string that is your SQL query. You can create a ZSQL method, say "GenericSQL", that has 1 parameter, let's call it "SQLStatement", whose sole DTML statement is "<dtml-var SQLStatement>".
To use it you would do this:
<dtml-in "GenericSQL(SQLStatement='select * from the_table where the_var = \'var_value\'')"> ... </dtml-in>
You can replace the literal string with a string variable like from a field on a form where you entered your SQL statement.
I use this method extensively.
Jim Sanford
I have also used Jim S.'s method. But, there is a danger here. Using ZSQL methods, you can pretty much ensure that users cannot fill in a form such that when Zope triggers the execution the SQL server is crashed or an inappropriate command is executed. ZSQL methods will handle quoting for you, the literal string method will not. So, in the literal string method, you may have to worry about input like:
hello';delete from the_table;'select * from that_table
which should run and probably does not have the intended effect. Further, if your database backend has memory leaks when unexecutable SQL requests are submitted (some PostgreSQL versions have had), you have opened up a dandy denial of service.
It is better to use normal ZSQL Methods, unless you are forced not to (arguments that depend on the data in the form, for example). And then you need to be very careful with data validation.
Also, note that there are not normally all that many calls to the database. You can usually get by with an insert into, a delete from, a select *, and a few updates per database. And, they can be shared by sub-folders.
Jim Penny
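The quoting difference Jim Penny describes above, as an added example that is not part of the original thread. Python's sqlite3 stands in for the Zope database adapter, `sql_quote` is a hypothetical minimal stand-in for the quoting a ZSQL method applies to a string variable, and the table contents are constructed.

```python
import sqlite3

# Input quoted in the message above; the table contents are constructed.
HOSTILE = "hello';delete from the_table;'select * from that_table"

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(
        "create table the_table (the_var text);"
        "insert into the_table values ('hello');"
        "insert into the_table values ('world');"
    )
    return db

def literal_string_sql(value):
    """Literal string method: the form value is pasted into the SQL text."""
    return "select * from the_table where the_var = '%s'" % value

def sql_quote(value):
    """Hypothetical stand-in for ZSQL string quoting: double embedded quotes."""
    return "'" + value.replace("'", "''") + "'"

def quoted_sql(value):
    return "select * from the_table where the_var = " + sql_quote(value)

def rows_left_after(sql):
    """Run sql on a fresh database and report how many rows survive."""
    db = make_db()
    try:
        # executescript accepts several statements per request,
        # as many database backends do.
        db.executescript(sql)
    except sqlite3.Error:
        pass  # trailing fragment is invalid SQL; earlier statements already ran
    return db.execute("select count(*) from the_table").fetchone()[0]

def bound_lookup(value):
    """Same query with a bound parameter: the value is never parsed as SQL."""
    db = make_db()
    hits = db.execute(
        "select * from the_table where the_var = ?", (value,)
    ).fetchall()
    return hits, db.execute("select count(*) from the_table").fetchone()[0]

if __name__ == "__main__":
    print(rows_left_after(literal_string_sql(HOSTILE)))  # 0
    print(rows_left_after(quoted_sql(HOSTILE)))          # 2
    print(bound_lookup("hello"))                         # ([('hello',)], 2)
```

With the literal string method the embedded delete runs before the malformed tail raises an error; with quoting or a bound parameter the whole input is compared as one string and the table is untouched.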
The only users who have access to this method from a HTML form are myself and the other system software engineer. I primarily use it for hard coding simple queries in short DTML documents.
----- Original Message ----- From: <jpenny@universal-fasteners.com> To: Jim Sanford <jsanford@atinucleus.com>; <zope@zope.org> Sent: Monday, June 19, 2000 10:06 AM Subject: Re: [Zope] sql-statements in DTML-Methods....
Hi, I am a newbie to Zope. It is a perfect choice for content management. But still I have a few questions which have been hitting me.
1. Can Zope do basic site management, for example missing link checks? Say if we call an object which doesn't exist, can Zope show us where we have gone wrong (without actually checking each and every object manually)?
2. I have a large number of small HTML documents (17,000). I want them to go in a database. Can we automate this in Zope so they are uploaded into the database?
3. Say I want to use a Zope-enabled website on a non-Zope-enabled server, so I need all the objects (e.g. HTML files) from the database to come out as files. Can we do this (a sort of Zope to non-Zope conversion)?
4. Which file do I need to upload to the ISP end from the programmer end to make the site work? If we have to upload a single database it will take a lot of time. Is there any incremental upload facility available? I have only FTP access with my ISP.
5. I need to build a directory-like site, somewhat like Yahoo!. Is there any toolkit available for it in Zope?
Thanks
On Tue, 20 Jun 2000, Rajil Saraswat wrote:
Hi, I had sent this message. Maybe some of you had overlooked it, so here it is again. Please answer this, as it is very important for me to switch to Zope.
participants (5)
- Chris McDonough
- Jim Sanford
- jpenny@universal-fasteners.com
- Marc LUDWIG
- Rajil Saraswat