[Zope] (no subject)

Rob Page rob.page@digicool.com
Thu, 15 Apr 1999 17:50:48 -0400


Jay:

>  I am trying to update my database using url traversal. I'm 
>  pretty sure I
>  need to give proxy permission in order to do update the 
>  database however
>  there seems no way to do this. eg
>  
>  I am using a url like this
>  http://provision.auslabs.lucent.com/cgi-bin/provision.exe/Dow
>  nload/qryComple
>  teReg/MagicNumber/60330800/completeReg

The example you included below has a heterogeneous mix of SQL
statements... some pass-through (e.g., UPDATE) which return no values
and SELECTs which do.  I'm not sure if it's a bug or not but I'm under
the impression that you ought not mix SQL like this.

<out on a limb>

I'd suggest decomposing this one SQL Method into three separate
SQLMehthods and calling them from the action document.  For example:

dtCompleteARegistration ==

<!--#call qryUpdateRoles-->
<!--#call qrySelectUserInfo-->
<!--#call qryDeleteOldUnregRecord-->


</out on a limb>

>  where qryCompleteReg is 
>  
>  UPDATE users
>  SET roles = 'Customer'
>  WHERE username = 
>    ( SELECT unregUsers.username
>      FROM unregUsers
>      WHERE MagicNumber = <!--#sqlvar MagicNumber type=string-->
>    )
>  
>  <!--#var sql_delimiter-->
>  
>  SELECT users.username, fullName, email
>  FROM users, unregUsers
>  WHERE MagicNumber = <!--#sqlvar MagicNumber type=string--> AND
>  unregUsers.username = users.username
>  
>  <!--#var sql_delimiter-->
>  
>  DELETE
>  FROM unregUsers
>  WHERE MagicNumber = <!--#sqlvar MagicNumber type=string-->
>  
>  Testing this sql_mehtod using the manage interface works 
>  perfectly but when
>  I use it from the url above it seems to work however doesn't 
>  actually do the
>  UPDATE or DELETE (The SELECT works however).

--Rob