On Fri, Sep 29, 2000 at 06:19:35PM +0300, Erno Kuusela wrote:
> Hello,
>
> I'm obviously missing something obvious, but how does one
> execute arbitrary SQL statements from an external method?

Look at
http://www.zope.org/Members/jpenny/Accessing_a_ZSQL_Method_from_an_External_Method

Now think about a SQL method with parameter body and template like:

    <dtml-var body>

You can now do anything by supplying body as an argument.

Note. This is a really BAD idea. By doing this, you will construct
a web accessible method which permits anyone with access rights to
the external method to do anything at all to your database. Not good.

Even though it is irritating from a programmer's point of view,
it is much better to define a series of restricted ZSQL methods
that do as little as possible. This permits far more damage control.

>
> -- erno
>
_______________________________________________
Zope maillist
http://lists.zope.org/mailman/listinfo/zope
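
The contrast drawn in the reply above, as an added example that is not part of the original message or of Zope's code: a pass-through method shaped like the <dtml-var body> template next to a small set of restricted methods with fixed statements and bound, typed arguments. The in-memory SQLite database, the orders table, and the names passthrough, RestrictedMethods and demo are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the Zope DB connection.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL);
        INSERT INTO orders (customer, total) VALUES ('alice', 10.0), ('bob', 25.5);
    """)
    return db

def passthrough(db, body):
    # Same shape as a ZSQL method whose whole template is <dtml-var body>:
    # the caller's text is the statement and runs with the connection's full rights.
    return db.execute(body).fetchall()

class RestrictedMethods:
    # Hypothetical stand-in for a series of narrow ZSQL methods: one fixed
    # statement per name; arguments are coerced to a declared type and bound.
    _METHODS = {
        "orders_for_customer": ("SELECT id, total FROM orders WHERE customer = ?", (str,)),
        "set_order_total": ("UPDATE orders SET total = ? WHERE id = ?", (float, int)),
    }

    def __init__(self, db):
        self._db = db

    def call(self, name, *args):
        if name not in self._METHODS:
            raise PermissionError("no such method: %s" % name)
        sql, types = self._METHODS[name]
        if len(args) != len(types):
            raise TypeError("%s takes %d argument(s)" % (name, len(types)))
        bound = tuple(t(a) for t, a in zip(types, args))  # ValueError on bad input
        return self._db.execute(sql, bound).fetchall()

def demo():
    db = make_db()
    passthrough(db, "DELETE FROM orders")  # caller-chosen statement runs as-is
    left_after_passthrough = passthrough(db, "SELECT COUNT(*) FROM orders")[0][0]

    db = make_db()
    api = RestrictedMethods(db)
    odd = api.call("orders_for_customer", "alice' OR '1'='1")  # bound as plain data
    alice = api.call("orders_for_customer", "alice")
    left_after_restricted = db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    return left_after_passthrough, odd, alice, left_after_restricted

if __name__ == "__main__":
    print(demo())
```

With the restricted set, the worst a caller can do is bounded by the statements in the table, which is the damage control the reply refers to.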