[Zope] Building SQL statements dynamically

Thomas B. Passin tpassin@mitretek.org
Mon, 13 May 2002 10:33:48 -0400


[Tille, Andreas]
>
> I have to port a complex database application which has no fix SQL
> statements.  The user builds the statement while interacting with
> some menus and after having done some selections a database query
> is builded depending from several options.
>
> Any hint how this can be performed using Zope?
>

Building the query string may be hard, but it has nothing to do with Zope
specifically.  Once the query string has been constructed, you could execute
it using a ZSQL method by putting something as simple as

&dtml-querystring;

into the  zsql method, where "querystring" is the name of the variable that
holds the query.

This could be somewhat dangerous, though, and you really need to work out
some safeguards to protect against unfriendly query strings that could
damage the database.

Cheers,

Tom P