Thanks very much Niphlod,
So, the special characters in the user input showing up in the table
records text is basically harmless, right? That's what I thought.
Thanks for the correct code. I actually thought the code was:
    form = SQLFORM(db.table).process()
    if form.accepted:
        pass  # do something
    elif form.errors:
        pass  # errors: this is probably where that call ended
So, the above is not correct?
BTW: You mean this is where the attempt/call should have ended? It didn't
end there. The form actually processed the input with the special
characters. I read the entire input with the html code in it in the
database table records. It shouldn't have processed it because of the
special characters? I am probably misunderstanding you. Please kindly let
me know.
Thanks again.
Cheers,
Joe
On Monday, January 4, 2016 at 5:38:41 PM UTC+8, Niphlod wrote:
>
> Any SQLFORM is CSRF protected, so those kinds of attempts resulted in
> nothing.
>
> the "correct code" is
>
> form = SQLFORM(db.table)
> if form.process().accepted:
>     pass  # do something
> elif form.errors:
>     pass  # error: this is probably where that call ended
>
> return dict(form=form)
>
> On Monday, January 4, 2016 at 7:26:56 AM UTC+1, Joe wrote:
>>
>> When I create a form do I need to do anything other than just have this
>> line in the controller:
>> form = SQLFORM(db.example).process()
>> and then {{=form}} in the view?
>> As far as security, this is enough just like that, right?
>>
>> The reason I am asking because I just looked through the records in the
>> database administration and a couple of the records indicated that someone
>> was trying to hack my site by inserting html.
>> So if I see something like that in the records, I shouldn't worry, right?
>>
>> It was just standard things like:
>>
>> sometext+www.mydomain.com@sometext.comhttp://sometext.com/?url=www.mydomain.com&id=e318
>>
>> I am pretty sure, this attempt didn't work but I would appreciate some
>> feedback so I can learn more about this issue.
>>
>> Thanks very much.
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.