[Zope] Parameterizing dtml-sqltest's column?
Dieter Maurer
dieter@handshake.de
Fri, 25 Oct 2002 21:52:38 +0200
Richard Wesley writes:
> ...
> <dtml-sqltest Value column="_.getitem('sequence-item')" type=string>
> ...
> But this expands to having the column equal to the literal text
> "_.getitem('sequence-item')", i.e. no interpretation is done.
>
> Is there a way to do this or do I have to leave all my SQL unprotected?

"dtml-sqltest" does not provide such a way (you can extend it
along the lines of other "XXX_expr" attributes. You can find examples,
e.g. in "Products/MailHost/SendMailTag").

You can, however, use the more elementary "dtml-sqlvar".
The above "dtml-sqltest", e.g., can be emulated by:

  <dtml-var expr="_.getitem('sequence-item')" sql_quote>
  = <dtml-sqlvar Value type=string>

Be careful about security!
Dieter
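
Added example, not part of the original message and not Zope code: a Python sketch of the security concern when a column name comes from request data, checking the column against an allowlist before it reaches the SQL text. The table, the column names and the `quote_doubling` stand-in for string quoting are assumptions, and sqlite3 placeholders are used here in place of "dtml-sqlvar".

```python
import sqlite3

# Hypothetical schema for this example: only these columns may be searched.
ALLOWED_COLUMNS = frozenset({"name", "city"})

def quote_doubling(value):
    # Assumed stand-in for string-value quoting (doubles single quotes);
    # not Zope's own sql_quote implementation.
    return value.replace("'", "''")

def sql_test(column, value):
    """Build one 'column = value' test; the column must be on the allowlist."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("column not permitted: %r" % (column,))
    # The identifier is now a known constant; the value travels as a parameter.
    return '"%s" = ?' % column, value

def search(conn, criteria):
    """AND together one test per (column, value) pair, like a dtml-in loop."""
    if not criteria:
        raise ValueError("at least one criterion is required")
    tests = [sql_test(column, value) for column, value in criteria]
    where = " AND ".join(fragment for fragment, _ in tests)
    params = [value for _, value in tests]
    sql = "SELECT name, city FROM people WHERE " + where
    return conn.execute(sql, params).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, city TEXT)")
    conn.executemany("INSERT INTO people VALUES (?, ?)",
                     [("alice", "Berlin"), ("bob", "Hamburg")])  # constructed rows
    hits = search(conn, [("city", "Berlin")])
    # Constructed request value without quote characters: quote doubling
    # returns it unchanged, so it cannot validate an identifier.
    untrusted = "city OR 1=1"
    unchanged = quote_doubling(untrusted) == untrusted
    try:
        search(conn, [(untrusted, "x")])
        rejected = False
    except ValueError:
        rejected = True
    return hits, unchanged, rejected

if __name__ == "__main__":
    print(demo())
```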