--- ZSQLExtend/ZSQLExtend.py 2003/11/28 15:03:10 1.1.1.1 +++ ZSQLExtend/ZSQLExtend.py 2003/12/23 17:56:01 1.4 @@ -5,8 +5,14 @@ from Globals import DTMLFile import urllib import re import string +from pyPgSQL import libpq from AccessControl import getSecurityManager +def quoteString(name): + #return re.sub(r'([\(\)\?])',"\\\1",name) + #return "Euklid" + return name + class ZSQLExtendFolder(Persistent, Implicit, Folder): """Folder""" meta_type="ZSQLExtendFolder" @@ -15,7 +21,9 @@ class ZSQLExtendFolder(Persistent, Impli """inlinesearch""" qs=[] - + + + for a in argv.keys(): qs.append(a+"="+urllib.quote(str(argv[a]))) @@ -41,7 +49,7 @@ class ZSQLExtendFolder(Persistent, Impli valueList=[] for x in addList.keys(): keyList.append("\""+x+"\"") - valueList.append("\'"+addList[x]+"\'") + valueList.append(libpq.PgQuoteString(addList[x])) keyString=string.join(keyList,",") valueString=string.join(valueList,",") 
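Review bot: `quoteString` in the first hunk returns its argument unchanged, so the `value=quoteString(value)` call this patch adds to the search parser is a no-op and request values still reach the WHERE fragments (for example `name+"~\'.*"+value+".*\'"`) unescaped. Unlike ZSQLAdd and ZSQLChange, the search path therefore gains no quoting from this commit, although the helper's name suggests it does. I would drop the two commented-out returns and quote at the point of use, e.g. `whereList.append(name+"~"+libpq.PgQuoteString(".*"+value+".*"))`, and do the same for the other operators. Those branches lie mostly outside the visible hunks, so each one needs to be checked.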
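Review bot: Only the values are escaped in the ZSQLAdd hunk; the column names are still built as `"\""+x+"\""` from the `addList` keys, and an embedded double quote in a key ends the identifier early. The same applies to the field names, the table name and the left-hand side of `-identify` in the ZSQLChange and ZSQLChange_old hunks, which are interpolated into the UPDATE as received. Checking every name against the table's known columns, or at least against a pattern such as `^[A-Za-z_][A-Za-z0-9_]*$`, before the statement is assembled would close that gap. `libpq.PgQuoteString(addList[x])` may also fail when a form value is not a string (a multi-valued field, for instance), which is worth confirming. The ZSQLAdd body starts and ends outside this hunk.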
@@ -50,7 +58,41 @@ class ZSQLExtendFolder(Persistent, Impli self.search(var=queryString) return self.REQUEST.RESPONSE.redirect(format) - def ZSQLChange(self): + def ZSQLChange(self,**argv): + """Ändern von Einträgen""" + #qs=self.REQUEST['QUERY_STRING'] + # very bad hack + qs_temp=[] + + for a in self.REQUEST.form.keys(): + qs_temp.append(a+"="+urllib.quote(str(self.REQUEST.form[a]))) + + qs=string.join(qs_temp,"&") + + + #print "CHANGE QS",self.REQUEST + #return self.REQUEST + changeList=[] + for q in qs.split("&"): + name=urllib.unquote(re.sub("r'+'"," ",q.split("=")[0].lower())) + value=q.split("=")[1] + value=re.sub(r'\+'," ",value) + value=urllib.unquote(value) + if name=="-table": + table=urllib.unquote(value) + elif name=="-identify": + identify=urllib.unquote(value) + identify=identify.split("=")[0]+"="+libpq.PgQuoteString(identify.split("=")[1]) + elif name=="-format": + format=urllib.unquote(value) + elif (not name[0]=="-") and (not len(value)==0): + changeList.append("\""+name+"\"="+libpq.PgQuoteString(urllib.unquote(value))) + changeString=string.join(changeList,",") + queryString="UPDATE %s SET %s WHERE %s"%(table,changeString,identify) + self.search(var=queryString) + return self.REQUEST.RESPONSE.redirect(format) + + def ZSQLChange_old(self): """Ändern von Einträgen""" qs=self.REQUEST['QUERY_STRING'] #print "CHANGE QS",self.REQUEST 
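Review bot: Form values are decoded twice in the new ZSQLChange: each one is re-encoded with `urllib.quote`, split out again, unquoted into `value`, and then unquoted a second time in every branch, so a submitted literal such as `%41` is stored as `A`. The round trip is fragile in other ways too: `table`, `identify` and `format` stay unbound when the form lacks them, `identify.split("=")[1]` cuts the value at a second `=`, and the pattern `"r'+'"` (added again in the search hunk) is a quoted raw-string literal that never matches a plus sign. Reading `self.REQUEST.form` directly, initialising the three control fields and checking them before the UPDATE is built removes all of this; the fence sketches the rewritten loop. `format` is also passed to `redirect()` as received, so restricting it to local template names is worth considering.

```python
    def ZSQLChange(self,**argv):
        """Ändern von Einträgen"""
        table=identify=format=None
        changeList=[]
        # read the parsed form directly; no quote/join/split/unquote round trip
        for key in self.REQUEST.form.keys():
            name=key.lower()
            value=str(self.REQUEST.form[key])
            if name=="-table":
                table=value
            elif name=="-identify":
                # split once so a value that contains "=" is kept whole
                parts=value.split("=",1)
                if len(parts)==2:
                    identify=parts[0]+"="+libpq.PgQuoteString(parts[1])
            elif name=="-format":
                format=value
            elif name and (not name[0]=="-") and (not len(value)==0):
                changeList.append("\""+name+"\"="+libpq.PgQuoteString(value))
        if not (table and identify and format and changeList):
            raise ValueError("ZSQLChange: -table, -identify, -format and one field are required")
        # … unchanged: changeString, UPDATE string, self.search, redirect …
```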
@@ -65,11 +107,11 @@ class ZSQLExtendFolder(Persistent, Impli table=urllib.unquote(value) elif name=="-identify": identify=urllib.unquote(value) - identify=identify.split("=")[0]+"=\'"+identify.split("=")[1]+"\'" + identify=identify.split("=")[0]+"="+libpq.PgQuoteString(identify.split("=")[1]) elif name=="-format": format=urllib.unquote(value) elif (not name[0]=="-") and (not len(value)==0): - changeList.append("\""+name+"\"=\'"+urllib.unquote(value)+"\'") + changeList.append("\""+name+"\"="+libpq.PgQuoteString(urllib.unquote(value))) changeString=string.join(changeList,",") queryString="UPDATE %s SET %s WHERE %s"%(table,changeString,identify) self.search(var=queryString) @@ -102,16 +144,29 @@ class ZSQLExtendFolder(Persistent, Impli whereList=[] sort="" op="bw" - + opfields={} + if not select: select="*" - + + #check for op in the case of inline search + if iCT=="_": + for q in qs.split(","): + name=re.sub("r'+'"," ",q.split("=")[0].lower()) + value=urllib.unquote(q.split("=")[1]) + + if name[0:3]==iCT+"op": + op=value + field=name[4:] + opfields[field]=op + + #now analyse the querystring for q in qs.split(","): try: name=re.sub("r'+'"," ",q.split("=")[0].lower()) value=urllib.unquote(q.split("=")[1]) - + value=quoteString(value) if name==iCT+"lop": lop=value elif name==iCT+"table": @@ -130,8 +185,12 @@ class ZSQLExtendFolder(Persistent, Impli elif name==iCT+"op": op=value + + elif (not name[0]==iCT) and (not len(value)==0): + if opfields.has_key(name): + op=opfields[name] if op=="ct": whereList.append(name+"~\'.*"+value+".*\'") elif op=="gt": @@ -155,6 +214,7 @@ class ZSQLExtendFolder(Persistent, Impli query="SELECT %s FROM %s %s %s"%(select,table,where,sort) + self.REQUEST.SESSION['qs']=opfields return self.search(var=query) def ZSQLSearch(self):
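Review bot: ZSQLChange_old is kept as a second copy of the UPDATE builder and still carries a docstring, so Zope's publisher will presumably keep serving it by URL next to the new ZSQLChange. Every later hardening then has to be made twice, and this copy parses the raw `QUERY_STRING` rather than the form. If it is only kept for reference, I would delete it (the history is in version control) or rename it `_ZSQLChange_old`, since underscore-prefixed names are not published. The function starts in the previous hunk and continues past this one.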
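Review bot: The new operator pre-scan (the loop under `if iCT=="_":`) indexes `q.split("=")[1]` without the `try:` that guards the same expression in the main loop just below, so a comma-separated element without `=` raises IndexError before any parsing starts. A guard such as `if "=" not in q: continue` at the top of the loop, or the same try/except as the main loop, would keep the two passes consistent. `field=name[4:]` also assumes exactly one separator character after `_op`; a short comment stating the expected parameter form (presumably `_op_<field>`) would help. The enclosing method begins and ends outside the hunk.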
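Review bot: `op=opfields[name]` overwrites the shared `op` variable, so after the first field with its own operator every later field without an entry in `opfields` inherits that operator instead of the default or the global `_op` value, and the result depends on parameter order. Using a local, `fieldop=opfields.get(name,op)`, and testing `fieldop` in the `if op=="ct":` chain avoids the carry-over. The chain continues past the end of this hunk, so the rename has to be applied to all of its branches.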
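Review bot: `self.REQUEST.SESSION['qs']=opfields` stores the per-field operator map under a key named `qs`, and it does so on every search, including those where `opfields` is empty. Accessing `REQUEST.SESSION` presumably creates a session for each caller, so anonymous searches would now allocate session state. I would write it only when the map is non-empty, `if opfields: self.REQUEST.SESSION['qs']=opfields`, and add a comment naming the reader of this key, which is not visible in this diff.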