[Zope] (no subject)
Rob Page
rob.page@digicool.com
Thu, 15 Apr 1999 17:50:48 -0400
Jay:
> I am trying to update my database using url traversal. I'm pretty sure I
> need to give proxy permission in order to update the database however
> there seems no way to do this. eg
>
> I am using a url like this
> http://provision.auslabs.lucent.com/cgi-bin/provision.exe/Download/qryCompleteReg/MagicNumber/60330800/completeReg
The example you included below has a heterogeneous mix of SQL
statements... some pass-through (e.g., UPDATE) which return no values
and SELECTs which do. I'm not sure if it's a bug or not but I'm under
the impression that you ought not mix SQL like this.
<out on a limb>
I'd suggest decomposing this one SQL Method into three separate
SQL Methods and calling them from the action document. For example:
dtCompleteARegistration ==
<!--#call qryUpdateRoles-->
<!--#call qrySelectUserInfo-->
<!--#call qryDeleteOldUnregRecord-->
</out on a limb>
> where qryCompleteReg is
>
> UPDATE users
> SET roles = 'Customer'
> WHERE username =
> ( SELECT unregUsers.username
> FROM unregUsers
> WHERE MagicNumber = <!--#sqlvar MagicNumber type=string-->
> )
>
> <!--#var sql_delimiter-->
>
> SELECT users.username, fullName, email
> FROM users, unregUsers
> WHERE MagicNumber = <!--#sqlvar MagicNumber type=string--> AND
> unregUsers.username = users.username
>
> <!--#var sql_delimiter-->
>
> DELETE
> FROM unregUsers
> WHERE MagicNumber = <!--#sqlvar MagicNumber type=string-->
>
> Testing this sql_method using the manage interface works perfectly but when
> I use it from the url above it seems to work however doesn't actually do the
> UPDATE or DELETE (The SELECT works however).
--Rob
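
The decomposition suggested above, sketched as an added example in Python with sqlite3 standing in for the Zope database connection (not code from this thread; the column types, the sample row and the function names are assumptions). Each statement runs separately with a bound parameter inside one transaction, and row counts are checked so an UPDATE or DELETE that did nothing cannot pass silently.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed sample registration."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, fullName TEXT,
                            email TEXT, roles TEXT);
        CREATE TABLE unregUsers (username TEXT, MagicNumber TEXT);
        INSERT INTO users VALUES
            ('jay', 'Jay Example', 'jay@example.com', 'Unregistered');
        INSERT INTO unregUsers VALUES ('jay', '60330800');
    """)
    return db

def complete_registration(db, magic_number):
    """Run the three statements separately, in order, in one transaction.

    Returns (username, fullName, email), or None for an unknown magic
    number. Raises if a write touches an unexpected number of rows.
    """
    with db:  # commit on success, roll back if an exception escapes
        # 1. qryUpdateRoles: pass-through statement, returns no rows.
        cur = db.execute(
            "UPDATE users SET roles = 'Customer' WHERE username = "
            "(SELECT username FROM unregUsers WHERE MagicNumber = ?)",
            (magic_number,))
        if cur.rowcount == 0:
            return None  # nothing matched, so nothing to select or delete
        # 2. qrySelectUserInfo: must run before the DELETE, because the
        #    join needs the unregUsers row that step 3 removes.
        row = db.execute(
            "SELECT users.username, fullName, email FROM users, unregUsers "
            "WHERE MagicNumber = ? AND unregUsers.username = users.username",
            (magic_number,)).fetchone()
        # 3. qryDeleteOldUnregRecord: pass-through statement again.
        cur = db.execute(
            "DELETE FROM unregUsers WHERE MagicNumber = ?", (magic_number,))
        if cur.rowcount != 1:
            raise RuntimeError("DELETE affected %d rows" % cur.rowcount)
    return row

if __name__ == "__main__":
    db = make_db()
    print(complete_registration(db, "60330800"))
    print(complete_registration(db, "60330800"))  # replay finds nothing
```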