On Sunday 22 March 2009 03:33:41 pm Brian Neal wrote:
> On Mar 22, 2:56 pm, Mike Ramirez <gufym...@gmail.com> wrote:
> > On Sunday 22 March 2009 09:25:42 am Brian Neal wrote:
> > > But from what you posted, I'm guessing that line needs to read:
> > >
> > > obj.user = User.objects.get(username=request.user)
> >
> > I think what you want to do with this style is:
> >
> > obj.user = User.objects.get(username=request.user.username)
>
> Yes, my mistake, thanks.
>
> > > or maybe just
> > >
> > > obj.user = request.user
> >
> > yeah, I think this is best.
>
> Agreed.
>
> > Tho if you're the type that sanitizes everything,
> > the upper one is better.
>
> I don't think so. request.user gets set by Django based on cookies, so
> it should be trustworthy as request.user.username.

Agreed, I just meant getting a new/recent user object to work with, which does depend on how intricate your system is and if you're updating things based off signals that affect what you're doing.

Example: Other user makes a change somewhere, this change makes updates across multiple tables, and you just want to be sure that this is the most recent version.

Mike

--
This is a good time to punt work.