On Mar 22, 2:56 pm, Mike Ramirez <gufym...@gmail.com> wrote:
> On Sunday 22 March 2009 09:25:42 am Brian Neal wrote:
>
>
> > But from what you posted, I'm guessing that line needs to read:
>
> > obj.user = User.objects.get(username=request.user)
>
> I think what you want to do with this style is:
>
>         obj.user = User.objects.get(username=request.user.username)

Yes, my mistake, thanks.

>
> > or maybe just
>
> > obj.user = request.user
>
> yeah, I think this is best.

Agreed.

>Tho if you're the type that sanitizes everything,
> the upper one is better.

I don't think so. request.user gets set by Django based on cookies, so
it should be trustworthy as request.user.username.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to