Any SQLFORM is CSRF protected, so those kinds of attempts resulted in nothing.
The "correct code" is:

    form = SQLFORM(db.table)
    if form.process().accepted:
        pass  # do something
    elif form.errors:
        pass  # error; this is probably where that call ended
    return dict(form=form)

On Monday, January 4, 2016 at 7:26:56 AM UTC+1, Joe wrote:
>
> When I create a form do I need to do anything other than just have this
> line in the controller:
> form = SQLFORM(db.example).process()
> and then {{=form}} in the view?
> As far as security, this is enough just like that, right?
>
> The reason I am asking is because I just looked through the records in the
> database administration and a couple of the records indicated that someone
> was trying to hack my site by inserting HTML.
> So if I see something like that in the records, I shouldn't worry, right?
>
> It was just standard things like:
>
> *sometext*+*www.mydomain.com <http://www.mydomain.com>*@
> *sometext.com
> <http://sometext.com>*http://*sometext*.com/?url=*www.mydomain.com
> <http://www.mydomain.com>*&id=e318
>
> I am pretty sure this attempt didn't work, but I would appreciate some
> feedback so I can learn more about this issue.
>
> Thanks very much.
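
The two defences this thread touches on, as an added example that is not part of the original messages and is not web2py's own code: a one-time form key bound to the session, so a POST that did not come from a rendered form is dropped, and escaping on output, so markup stored in a record is displayed as text. The function names, the "_formkeys" session slot, the "comment" field and the sample values are all constructed for illustration.

```python
import hmac
import html
import secrets

def issue_form_key(session, formname):
    """Create a one-time key, remember it in the session, return it for a hidden field."""
    key = secrets.token_hex(16)
    session.setdefault("_formkeys", {}).setdefault(formname, []).append(key)
    return key

def process(session, formname, post_vars, store):
    """Handle one POST; return 'accepted', 'errors' or 'rejected'."""
    keys = session.get("_formkeys", {}).get(formname, [])
    submitted = str(post_vars.get("_formkey", "")).encode()
    # Constant-time comparison against every key issued to this session.
    match = [k for k in keys if hmac.compare_digest(k.encode(), submitted)]
    if not match:
        return "rejected"        # forged or replayed POST: nothing is stored
    keys.remove(match[0])        # each key is valid for a single submission
    comment = post_vars.get("comment", "").strip()
    if not comment:
        return "errors"          # validation failed, form is shown again
    store.append(comment)        # stored as plain data, never interpreted
    return "accepted"

def render(store):
    """Escape every stored value on output so inserted markup is inert."""
    return "\n".join("<li>%s</li>" % html.escape(c) for c in store)

def demo():
    session, store = {}, []
    # Constructed sample input resembling the kind of record in the question.
    payload = '<a href="http://sometext.com/">hi</a>'
    forged = process(session, "example", {"comment": payload}, store)
    key = issue_form_key(session, "example")
    post = {"_formkey": key, "comment": payload}
    first = process(session, "example", post, store)
    replay = process(session, "example", post, store)
    empty = process(session, "example",
                    {"_formkey": issue_form_key(session, "example")}, store)
    return forged, first, replay, empty, render(store)

if __name__ == "__main__":
    print(demo())
```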