[Zope] Checkbox and SQL Method
Tino Wildenhain
tino@wildenhain.de
Fri, 10 Aug 2001 11:56:50 +0200
Hi Charlene,
you can do this with
<dtml-var expr="_.string.join(yourlist,',')">
However this is a bit risky. An attacker could fake your form
and send arbitratry strings with it!
More complex, but saver would be something like that:
<dtml-in yourlist>
<dtml-unless sequence-start>,</dtml-unless>
<dtml-sqlvar sequence-item type=int>
</dtml-in>
There might even be a group statement for SQL Methods, but I dont
remember it at the moment.
Note the square brackets you see are only a view on the list object
what python provides if you just show the object.
Regards
Tino
--On Donnerstag, 9. August 2001 16:18 -0700 "CHOY,CHARLENE (HP-Boise,ex1)"
<charlene_choy@hp.com> wrote:
> Thanks Eric, I have solved part of my problem =)
> I have a new problem now.
> After the form is being process I have a list ['1','2','3'].
> how do I get rid of the bracket and single quotes because I only need 1,2,3
> as the argument to my sqlmethod.
> Thanks in advance for your help.
>
> -Charlene
>
> -----Original Message-----
> From: Eric Walstad [mailto:eric@walstads.net]
> Sent: Thursday, August 09, 2001 4:24 PM
> To: CHOY,CHARLENE (HP-Boise,ex1); Zope List (E-mail)
> Subject: RE: [Zope] Checkbox and SQL Method
>
>
> Hi Charlene,
>
> It looks to me like your SQL is set up to only handle one "index" value. If
> I understand your question, you need something like this in your SQL:
> SELECT * FROM data
> WHERE index IN (1, 3, 5, 7, 11);
>
> You can then use that list to populate the list of "indexes" used in the SQL
> IN clause. I think the <dtml-sqltest> tag will do the iteration over the
> list for you.
>
> Check out the "Dynamic SQL Queries" section of the Zope Book for more
> details.
>
> HTH,
>
> Eric.
>
>> If I get a list of input values for the argument of my sql
>> method from the
>> check box, how do I call the sqlmethod to repeatedly display them. My
>> sqlmethod only has one argument.
>>
>> The following is some of the snippet of my codes.
>>
>>
>> =============================
>> sqlmethod: selected_item
>> =============================
>> Argument: selected_number
>>
>> "SELECT * data where
>> index = <dtml-sqlvar selected_item type=int>"
>>
>>
>> ******************************************************************
>>
>> =============================
>> dtml-method: list_selected_item
>> =============================
>> <dtml-var standard_html_header>
>> <form action=selected_item action=post>
>> <dtml-in lookup_item size=50 start=query_start> //lookup_item is
>> another sql
>> method
>> <dtml-if sequence-start>
>> <dtml-comment> there is some more codes here </dtml-comment>
>> <table>
>> <tr>
>> <th>Index</th>
>> <th>Checkbox</th>
>>
>> </dtml-if sequence-start>
>>
>> <tr>
>> <td><dtml-var index null=""></td>
>>
>> <td><center><input type="checkbox" name="selected_lcn"
>> value="<dtml-var index>">
>> </center></td>
>> <dtml-if sequence-end>
>>
>> </table>
>> <dtml-comment> Some other codes here </dtml-comment>
>>
>> </dtml-if sequence-end>
>>
>> <dtml-else>
>>
>> There was no data matching this <dtml-var title_or_id> query.
>>
>> </dtml-in>
>> <input type=submit value="Generate Report">
>> </form>
>> <dtml-var standard_html_footer>
>>
>> ******************************************************************
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )