[docs] Change in DbSqlAccessMethods made by Paul Jordan
Wiki Watch
docs@icdevgroup.org
Fri May 23 12:47:00 2003
You can visit the live page at this URL:
http://www.icdevgroup.org/i/doc/wiki/DbSqlAccessMethods.html
--- tmp/dutEvnI2:63.205.59.62.previous Fri May 23 12:42:03 2003
+++ tmp/dutEvnI2:63.205.59.62.current Fri May 23 12:42:03 2003
@@ -4,3 +4,30 @@
of the other databases can. Arbitrary SQL queries can be passed with
the [query sql="SQL STATEMENT"] ITL tag.
+ [query
+ ml=10
+ more=1
+ type=list
+ sp="@@MV_PAGE@@"
+ sql=|
+ SELECT sku, description
+ FROM products
+ WHERE somecol BETWEEN '[cgi from]' AND '[cgi to]'
+ AND someothercol = '[cgi whatever]'
+ ORDER BY sku
+ |]
+ [list]
+ sku=[sql-code] - desc=[sql-param description]<br>
+ [/list]
+ [on-match]
+ Something was found<br>
+ [/on-match]
+ [no-match]
+ Nothing was found<br>
+ [/no-match]
+ [more-list]
+ <br>[matches]<br>
+ [/more-list]
+ [/query]
+
+You will want to filter your [cgi foo] values for a (') that are used to build the query. I believe the is a filter=quotesql that will work for this.