[Zope] Help with Tables

Ben Avery ben@thesite.org
Wed, 18 Dec 2002 18:39:17 +0000


hi Greg,

I'm not sure of any existing products which would do this, but it's easy 
enough to do yourself.

1. The column header needs to be a link back to the page, but specifying 
the column name, so an optional 'order by' clause in the zsql method. 
but the dtml-sqlvar tag puts quotes around its values, so this wouldn't 
work. and it wouldn't be safe to just use <dtml-var ...> inside a zsql 
method as someone could hack your site and call it with the column name 
e.g. 'dummy; drop table users'.
I would do this with each table display page as a folder with an 
index_html python script, a zsql method, and a display method. The 
python script takes an optional parameter of the column name, or sets a 
default. it checks this against a list of metadata about your table with 
the column names, and throws an error if this isn't in your 'safe' list. 
It then calls the zsql method with the column name, which has an 'order 
by <dtml-var col_name>' clause.

2. you need to make a page which displays the detail of the particular 
item given its primary key. I'd have a python method (say 'detail') 
which picks up the key id as parameter, calls a zsql method to get the 
info from the database, and sends it to a display method (dtml or zpt).
The item in the first page is an <a href="detail?key=&dtml-KEY;"> (in 
DTML, with KEY being a variable with the primary key value) link to the 
python script 'detail', which replaces the key id when generated. So 
this becomes a link to the detail page for each item.

hope this helps

Ben Avery


Lindstrom Greg - glinds wrote:
> Greetings-
> I am in the process of designing three (count 'em 3) projects in Zope and
> have spotted a common theme running through them.  I have pages which lists
> information stored in a Gadfly (for now) table via a ZSQLMethod.  I would
> like to add the following features to my tables;
> 
> 1.  The ability to click on the column header to sort the table by that
> column (member number, name, etc.)
> 2.  The ability to click on an entry in the table to bring up more
> information about the particular item.  For example, clicking on a member
> number might bring up a form showing more information about the member.
> 
> Is there documentation as how to go about doing this?  Or can one of you
> point me to a page that does it already?
> 
> Thanks!
> --greg
> 
> Greg Lindstrom
> The limits of language are the limits of one's world 
>  --Ludwig von Wittgenstien
> 
> 
> 
> 
> 
> 
> **********************************************************************
> The information contained in this communication is
> confidential, is intended only for the use of the recipient
> named above, and may be legally privileged.
> If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, 
> distribution, or copying of this communication is strictly
> prohibited.
> If you have received this communication in error,
> please re-send this communication to the sender and
> delete the original message or any copy of it from your
> computer system. Thank You.
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>