Hi all,
I have created a manual HTML form (not FORM() or SQLFORM()) that has a
few hidden fields (ie. ..)
When this form posts back to the controller, form.accepts() returns
True, but only the non-hidden field (there is only one, the rest are
hidden) is saved to the database. The other fields all
you use
>
> form.accepts()
>
> what is form if you do not use FORM or SQLFORM?
>
> On Oct 24, 11:27 pm, Ruiwen Chua wrote:
>
>
>
>
>
>
>
> > Hi all,
>
> > I have created a manual HTML form (not FORM() or SQLFORM()) that has a
> > few hidden fields (ie.
in request.vars but not in form.vars because
> accepts does not know they are supposed to be there and protects you
> from injection attacks.
>
> You can also try use this:
>
> form=SQLFORM(,hidden=dict(key='value'))
>
> Massimo
>
> On Oct 24, 11:39 pm, Ruiwen
Thanks for the clarification.
Though, in what way is this a security mechanism?
On Oct 25, 1:03 pm, mdipierro wrote:
> I understand. That is intended. That is a security mechanism.
> You must use SQLFORM(...,hidden=...)
>
> On Oct 24, 11:46 pm, Ruiwen Chua wrote:
>
>
>
s
>
> they would be able to change the manager status even if it does not
> appears in the form. Only fields that are declared as writable and
> visible to SQLFORM can be inserted in the db.
>
> web2py has lots of security mechanisms and we are working on even
> more!
>
> M
On Oct 25, 7:54 pm, mdipierro wrote:
> On Oct 25, 1:17 am, Ruiwen Chua wrote:
>
> > I see. So form.accept() will not parse any field unless explicitly
> > defined in SQLFORM?
>
> > (Ok I'm not sure if I should start another thread for this, but a few
> >
Hi,
Does anyone know of a way to use WebSockets with web2py?
other in the View
> side.
>
> Regards
>
> On Oct 26, 11:28 am, Ruiwen Chua wrote:
>
>
>
>
>
>
>
> > Hi,
>
> > Does anyone know of a way to use WebSockets with web2py?
Hi,
Just wondering if it's possible to have fields that optionally
reference other fields? For example, I have the below table defined:
# Message model
db.define_table('message',
Field('sender', custom_auth_table, writable=False, required=True,
notnull=True),
Field('recipient', cu
Hi,
I'm running into a little problem with boolean Field in my model. I
have:
db.define_table('message',
Field('sender', custom_auth_table, writable=False, required=True,
notnull=True),
Field('text', 'string', length=2048, required=True, notnull=True),
Field('is_read', 'bo
ing a NULL)?
On Oct 29, 6:51 pm, Vinicius Assef wrote:
> How about stripping the "notnull=True"?
>
> If I'm right, your "default=False" option will replace null value by False.
>
>
>
>
>
>
>
> On Fri, Oct 29, 2010 at 8:11 AM, Ruiwen Chua wrote
Hi all,
I have a message table defined as such:
db.define_table('message',
Field('recipient', 'integer', writable=False, required=True),
Field('entity', 'string', length=256, required=True, notnull=True),
Field('text', 'string', length=2048, required=True, notnull=True),
Hi all,
I'm trying to route errors like 400, 403 and 404 to nice, clear URLs
like '/error/', '/forbidden/' and '/whoops/'.
Unfortunately, the Web2Py Book's section on error routing (http://
www.web2py.com/book/default/chapter/04?search=error#Routes-on-Error)
is pretty sparse, and I haven't been a
On Nov 9, 7:16 pm, Ruiwen Chua wrote:
> Hi all,
>
> I'm trying to route errors like 400, 403 and 404 to nice, clear URLs
> like '/error/', '/forbidden/' and '/whoops/'.
>
> Unfortunately, the Web2Py Book's section on error routing
>
Is there no way around it? Or..?
I'd just prefer my URLs to be clean. The users dont' really need to
see all the additional information.
//Ruiwen
On Nov 10, 11:36 am, mdipierro wrote:
> No. Why?
>
> On Nov 9, 5:16 am, Ruiwen Chua wrote:
>
>
>
>
>
>
&g
Hi,
I have a table full of records and would like to retrieve only the 15
most recent records, sorted by their creation date.
I've tried using the limitby= argument to select() in the DAL, but the
online book only shows one example that uses limitby to select 2
records starting from 0, ie. limitb
tilde (~), this is important because it makes
> reverse order i.e. latest dates first
>
> -D
>
> On Nov 13, 10:10 am, Ruiwen Chua wrote:
>
>
>
>
>
>
>
> > Hi,
>
> > I have a table full of records and would like to retrieve only the 15
> > mos
Hi,
Currently, I'm using the default auth() (eg. return dict(form=auth())
method for generating the form for my user login view.
I'd like to know if there's any way by which I can tell if a login has
failed from within the controller action? I've just asked on the IRC
channel, and the answer I go
18 matches
Mail list logo
