On 29 mar, 09:12, Thierry Chich <thierry.ch...@gmail.com> wrote:
> On Monday 29 March 2010 02:14:34, pjrhar...@gmail.com wrote:
> > > OK. I can also put a hidden field in my form. I will evaluate what is
> > > the better option for me.
>
> > Bear in mind if you exclude it from your form altogether there is
> > nothing to stop a malicious user setting it by modifying the post
> > data.
>
> > Peter
>
> You would say: if I use a hidden form. If I exclude the field from my
> ModelForm, a corrupted POST cannot have an effect. I just have to set the
> field value in the model, and it is done, isn't it?

Yeps, right.

To summarize: if you don't want the user to be able to set a field
from a ModelForm, then exclude it from the ModelForm and set it on the
instance.

Using a hidden field will "kind of" work - if you don't care about
security, that is !-)
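
The difference between the two options, as an added example that is not part of the original message: a simplified, framework-free stand-in for how a ModelForm binds POST data to an instance (it is not Django's code). `Ticket`, `MiniModelForm`, the view functions and the sample POST body are hypothetical names constructed for the illustration.

```python
# Simplified stand-in for ModelForm binding (assumption: not Django's own code).
from dataclasses import dataclass


@dataclass
class Ticket:              # hypothetical model
    title: str = ""
    owner: str = ""        # the field the user must not control


class MiniModelForm:
    """Copies only the POST keys named in `fields` onto the instance."""
    fields = ()

    def __init__(self, post, instance=None):
        self.post = post
        self.instance = instance if instance is not None else Ticket()

    def save(self):
        for name in self.fields:
            if name in self.post:
                setattr(self.instance, name, self.post[name])
        return self.instance


class HiddenOwnerForm(MiniModelForm):
    fields = ("title", "owner")   # owner rendered as <input type="hidden">


class ExcludedOwnerForm(MiniModelForm):
    fields = ("title",)           # owner excluded from the form


def create_with_hidden_field(post, session_user):
    # The page pre-filled the hidden input with session_user, but the value
    # bound here is whatever the client sent back.
    return HiddenOwnerForm(post).save()


def create_with_excluded_field(post, session_user):
    # Owner comes from server-side state; no POST key can reach it.
    return ExcludedOwnerForm(post, instance=Ticket(owner=session_user)).save()


# Constructed sample: a POST body whose owner value was edited client-side.
TAMPERED_POST = {"title": "hello", "owner": "alice"}
```

With the session user being `bob`, the hidden-field version stores `alice` as owner, while the excluded-field version stores `bob` and ignores the extra POST key.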
