> I am trying to use a python script to call a Z SQL method.  The python

You need to have defined "words" as a parameter for the ZSQL Method. You have tried
to call the property wordlist, which does not exist.

Here is your ZSQL with safety (not functional) concern:

<params>
words:string
</params>

SELECT * FROM table
WHERE

<dtml-in words prefix="wrd">

(
        column1 LIKE '%<dtml-var wrd_item sql_quote>%' 
        OR
        column2 LIKE '%<dtml-var wrd_item sql_quote>%'
) 
<dtml-unless sequence-end> AND </dtml-unless> 

</dtml-in>


And here are some functional tips for you:

<dtml-sqltest>
<dtml-sqlgroup>


> -----z sql script:
> SELECT * FROM table
> WHERE
> <dtml-in words>
> column1 LIKE ('<dtml-var "'%'+sequence-item+'%'">' OR
> column2 LIKE '<dtml-var "'%'+sequence-item+'%'">') <dtml-unless sequence-
> end> AND </dtml-unless>
> </dtml-in>

Nice example for easy SQL injection!



_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
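
Added example, not part of the original message or of Zope: a Python model of the SQL text the two templates above render (with and without sql_quote), run against an in-memory SQLite table. The table name docs, the sample rows and the sql_quote function (a simplified stand-in that only doubles single quotes) are assumptions.

```python
import sqlite3

# Constructed sample data for the demonstration.
ROWS = [("zope server", "python"), ("apache", "perl"), ("o'reilly", "books")]

def sql_quote(value):
    # Simplified stand-in (assumption) for DTML's sql_quote: double each single quote.
    return str(value).replace("'", "''")

def render(words, quote):
    # Models what the <dtml-in words> loop emits: one OR group per word, joined by AND.
    groups = []
    for word in words:
        w = sql_quote(word) if quote else word
        groups.append("(column1 LIKE '%{0}%' OR column2 LIKE '%{0}%')".format(w))
    return "SELECT * FROM docs WHERE " + " AND ".join(groups)

def search(words, quote):
    # Run the rendered statement against a throwaway in-memory table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE docs (column1 TEXT, column2 TEXT)")
    db.executemany("INSERT INTO docs VALUES (?, ?)", ROWS)
    try:
        return db.execute(render(words, quote)).fetchall()
    except sqlite3.OperationalError:
        return None  # the rendered text was not valid SQL
    finally:
        db.close()

APOSTROPHE = ["o'reilly"]          # ordinary input that happens to contain a quote
TAUTOLOGY = ["x%' OR 'a' LIKE '"]  # constructed input that closes the literal early

if __name__ == "__main__":
    for words in (["zope"], APOSTROPHE, TAUTOLOGY):
        print(words)
        print("  unquoted:", search(words, False))
        print("  quoted:  ", search(words, True))
```

Without quoting, the apostrophe input fails to parse and the constructed input matches every row; with quoting, both are treated as plain search text.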