Re: How to convert a unicode string into something that can call an object?

Thu, 18 Jun 2009 10:33:11 -0700 

Thank you both, I think the dictionary is the safest method here but
I'm glad to know the existence of eval too because I've been searching
for it all day and sure will use it in the future.

Bastien

On Jun 18, 6:52 pm, Alex Gaynor <alex.gay...@gmail.com> wrote:
> On Thu, Jun 18, 2009 at 11:50 AM, Dennis Schmidt <metzelti...@googlemail.com
>
>
>
>
>
> > wrote:
>
> > object = eval(request.POST['type']).objects.get(pk=int(request.POST
> > ['id']))
>
> > should work. But you have to be very careful with what's inside of
> > your 'type' param, since it will get executed as Python code. So
> > always make sure nobody can inject malicious code there.
>
> > On 18 Jun., 18:40, Bastien <bastien.roche...@gmail.com> wrote:
> > > Hi,
>
> > > in one of my views I receive some unicode from javascript, namely I
> > > receive a type of object and its pk. Then I do this:
>
> > >             object = request.POST['type'].objects.get(pk=int
> > > (request.POST['id']))
> > > and of course Django tells me that a unicode object has no attribute
> > > 'objects'. So how could I convert this request.POST to something
> > > usable in this case?
>
> > > thanks,
> > > Bastien
>
> I wouldn't use eval here, as verifying that the contents of the string are
> safe is more trouble than it's worth, I would simply use a dictionary to map
> possible types to the classes themsleves, something like
>
> types = {
>     'user': User,
>     'article': Article,
>
> }
>
> types[request.POST['type']].objects
>
> Alex
>
> --
> "I disapprove of what you say, but I will defend to the death your right to
> say it." --Voltaire
> "The people's good is the highest law."--Cicero
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to