On Thu, Jun 18, 2009 at 11:50 AM, Dennis Schmidt <metzelti...@googlemail.com
> wrote:
>
> object = eval(request.POST['type']).objects.get(pk=int(request.POST
> ['id']))
>
> should work. But you have to be very careful with what's inside of
> your 'type' param, since it will get executed as Python code. So
> always make sure nobody can inject malicious code there.
>
> On 18 Jun., 18:40, Bastien <bastien.roche...@gmail.com> wrote:
> > Hi,
> >
> > in one of my views I receive some unicode from javascript, namely I
> > receive a type of object and its pk. Then I do this:
> >
> > object = request.POST['type'].objects.get(pk=int
> > (request.POST['id']))
> > and of course Django tells me that a unicode object has no attribute
> > 'objects'. So how could I convert this request.POST to something
> > usable in this case?
> >
> > thanks,
> > Bastien
> >
>
I wouldn't use eval here, as verifying that the contents of the string are
safe is more trouble than it's worth, I would simply use a dictionary to map
possible types to the classes themsleves, something like
types = {
'user': User,
'article': Article,
}
types[request.POST['type']].objects
Alex
--
"I disapprove of what you say, but I will defend to the death your right to
say it." --Voltaire
"The people's good is the highest law."--Cicero
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
