[Zope] Checkbox and SQL Method

Tino Wildenhain tino@wildenhain.de
Fri, 10 Aug 2001 11:56:50 +0200


Hi Charlene,

you can do this with

<dtml-var expr="_.string.join(yourlist,',')">

However this is a bit risky. An attacker could fake your form
and send arbitrary strings with it!

More complex, but safer would be something like that:

<dtml-in yourlist>
<dtml-unless sequence-start>,</dtml-unless>
<dtml-sqlvar sequence-item type=int>
</dtml-in>

There might even be a group statement for SQL Methods, but I don't
remember it at the moment.

Note the square brackets you see are only a view on the list object
that Python provides if you just show the object.

Regards
Tino

--On Donnerstag, 9. August 2001 16:18 -0700 "CHOY,CHARLENE (HP-Boise,ex1)" 
<charlene_choy@hp.com> wrote:

> Thanks Eric, I have solved part of my problem =)
>   I have a new problem now.
>   After the form is being processed I have a list ['1','2','3'].
> how do I get rid of the bracket and single quotes because I only need 1,2,3
> as the argument to my sqlmethod.
>   Thanks in advance for your help.
>
> -Charlene
>
> -----Original Message-----
> From: Eric Walstad [mailto:eric@walstads.net]
> Sent: Thursday, August 09, 2001 4:24 PM
> To: CHOY,CHARLENE (HP-Boise,ex1); Zope List (E-mail)
> Subject: RE: [Zope] Checkbox and SQL Method
>
>
> Hi Charlene,
>
> It looks to me like your SQL is set up to only handle one "index" value.  If
> I understand your question, you need something like this in your SQL:
> SELECT * FROM data
> WHERE index IN (1, 3, 5, 7, 11);
>
> You can then use that list to populate the list of "indexes" used in the SQL
> IN clause.  I think the <dtml-sqltest> tag will do the iteration over the
> list for you.
>
> Check out the "Dynamic SQL Queries" section of the Zope Book for more
> details.
>
> HTH,
>
> Eric.
>
>>   If I get a list of input values for the argument of my sql
>> method from the
>> check box, how do I call the sqlmethod to repeatedly display them.  My
>> sqlmethod only has one argument.
>>
>>   The following is some of the snippet of my codes.
>>
>>
>> =============================
>> sqlmethod: selected_item
>> =============================
>> Argument: selected_number
>>
>> "SELECT * FROM data where
>>  index = <dtml-sqlvar selected_item type=int>"
>>
>>
>> ******************************************************************
>>
>> =============================
>> dtml-method: list_selected_item
>> =============================
>> <dtml-var standard_html_header>
>> <form action=selected_item method=post>
>> <dtml-in lookup_item size=50 start=query_start> //lookup_item is another sql method
>>   <dtml-if sequence-start>
>>        <dtml-comment> there is some more codes here </dtml-comment>
>>   <table>
>>   <tr>
>>           <th>Index</th>
>>           <th>Checkbox</th>
>>
>>   </dtml-if sequence-start>
>>
>>   <tr>
>>           <td><dtml-var index null=""></td>
>>
>>           <td><center><input type="checkbox" name="selected_lcn"
>> value="<dtml-var index>">
>>               </center></td>
>>      <dtml-if sequence-end>
>>
>>    </table>
>>    <dtml-comment> Some other codes here </dtml-comment>
>>
>>      </dtml-if sequence-end>
>>
>> <dtml-else>
>>
>>   There was no data matching this <dtml-var title_or_id> query.
>>
>> </dtml-in>
>> <input type=submit value="Generate Report">
>> </form>
>> <dtml-var standard_html_footer>
>>
>> ******************************************************************
>
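
Added example, not part of the original thread or of Zope: a Python/sqlite3 sketch of the difference between the two approaches in the reply above, joining the submitted strings into the SQL text versus checking each item as an integer (what `<dtml-sqlvar sequence-item type=int>` does per item). The table, the column name `idx`, the function names and the sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample input: what a faked form could submit instead of
# the checkbox values ['1', '2', '3'].
FORGED = ["1", "2) OR (1=1"]

def make_db():
    # Constructed stand-in for the poster's "data" table
    # ("idx" replaces "index", which is an SQL keyword).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE data (idx INTEGER PRIMARY KEY, label TEXT)")
    db.executemany("INSERT INTO data VALUES (?, ?)",
                   [(i, "row%d" % i) for i in range(1, 6)])
    return db

def select_joined(db, values):
    # Like _.string.join(yourlist, ','): the form strings are pasted into
    # the statement unchecked, so they become part of the SQL itself.
    sql = "SELECT idx FROM data WHERE idx IN (%s)" % ",".join(values)
    return sorted(row[0] for row in db.execute(sql))

def select_checked(db, values):
    # Like <dtml-sqlvar sequence-item type=int> inside <dtml-in>:
    # every item must convert to an integer or the request is refused.
    ids = [int(v) for v in values]          # ValueError on anything else
    if not ids:
        return []                           # nothing ticked, nothing to query
    marks = ",".join("?" * len(ids))        # one bound parameter per item
    sql = "SELECT idx FROM data WHERE idx IN (%s)" % marks
    return sorted(row[0] for row in db.execute(sql, ids))

if __name__ == "__main__":
    db = make_db()
    print(select_joined(db, ["1", "2", "3"]))   # the intended rows
    print(select_joined(db, FORGED))            # every row in the table
    try:
        select_checked(db, FORGED)
    except ValueError as exc:
        print("rejected:", exc)
```

With the joined string the forged value changes the WHERE clause and the whole table comes back; with the per-item integer check the same request fails before any SQL is run.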