[Zope-DB] ZPTs and database accesses
Chris Withers
chris at simplistix.co.uk
Wed May 25 04:54:08 EDT 2005
Jaroslav Lukesh wrote:
> Regarding the discussion about security, it is possible to query SQL directly
> from DTML/ZPT with yourZSQLmethod like this:
>
> <params>
> sqlquery:string
> </params>
> <dtml-var sqlquery>
>
> and corresponding dtml method:
>
> <dtml-call "REQUEST.set('sqlquery','select * from table')">
> <dtml-in yourZSQLmethod>
> ...
> </dtml-in>
Yes, although you're opening yourself to a world of SQL injection
vulnerabilities by doing so ;-)
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
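
Added example, not part of either post: a Python/sqlite3 stand-in for the pattern discussed above, contrasting a method whose whole statement is the `sqlquery` parameter with methods whose statement text is fixed and which take only bound values. The tables, rows and function names are constructed for illustration; in a ZSQL method the binding role is played by `<dtml-sqlvar>`.

```python
import sqlite3


def make_db():
    """Constructed sample data: one table the page should show, one it should not."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT);
        CREATE TABLE accounts (login TEXT, pw_hash TEXT);
        INSERT INTO orders VALUES (1, 'alice', 'book'), (2, 'bob', 'lamp');
        INSERT INTO accounts VALUES ('admin', 'constructed-hash');
    """)
    return conn


def passthrough_method(conn, request):
    # Stand-in for a ZSQL body consisting only of <dtml-var sqlquery>:
    # whatever string reaches the parameter becomes the statement.
    return conn.execute(request["sqlquery"]).fetchall()


def orders_by_id(conn, request):
    # Statement text is fixed. The request supplies one value, coerced to int
    # first (ValueError on anything else), then bound as a parameter.
    order_id = int(request["order_id"])
    return conn.execute(
        "SELECT id, owner, item FROM orders WHERE id = ?", (order_id,)
    ).fetchall()


def orders_by_owner(conn, request):
    # String values are bound too, so quotes inside them stay data.
    return conn.execute(
        "SELECT id, owner, item FROM orders WHERE owner = ?", (request["owner"],)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # The pass-through method is not limited to the table the page intended.
    print(passthrough_method(db, {"sqlquery": "select * from accounts"}))
    print(orders_by_id(db, {"order_id": "1"}))
    print(orders_by_owner(db, {"owner": "alice' OR '1'='1"}))  # no rows match
```
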