Well, you should always validate whatever you get from the users. In that 
validation step you can do that.

A possible way to validate it would be to do something like:

ids, error = IS_LIST_OF(IS_INT_IN_RANGE(minimum=1),
                        maximum=YOUR_MAX_NUMBER_OF_IDS)(request.vars.ids.split(','))

if error:
    # we didn't validate for some reason
    response.flash = error
else:
    people = db(db.auth_user.id.belongs(ids))...


Instead of using IS_INT_IN_RANGE you can even go a step further and use 
IS_IN_DB, but that would be much heavier as it would hit the database, 
and I don't think it's needed here due to the next step.

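Added example (not part of the original post, and not web2py's own validator code): a stand-alone Python 3 function that applies the same checks to a comma-separated id string before it reaches a belongs() query, and returns an (ids, error) pair like the validator call above. The names parse_id_list, MAX_IDS and MAX_ID_VALUE are assumptions; MAX_IDS stands in for YOUR_MAX_NUMBER_OF_IDS.

```python
import re

MAX_IDS = 50               # assumed cap, stands in for YOUR_MAX_NUMBER_OF_IDS
MAX_ID_VALUE = 2**31 - 1   # assumed upper bound for an integer primary key

# ASCII digits only and a bounded length. int() alone would also accept
# "+1", "1_000" and non-ASCII digits such as fullwidth "１".
_DIGITS = re.compile(r"[0-9]{1,10}\Z")


def parse_id_list(raw, max_ids=MAX_IDS, max_value=MAX_ID_VALUE):
    """Return (ids, error) for a comma-separated id string.

    On success ids is a de-duplicated list of ints and error is None.
    On failure ids is None and error is a fixed message that never
    echoes the rejected input back to the page.
    """
    if not isinstance(raw, str) or not raw.strip():
        # request.vars.ids is None when the parameter is missing and a
        # list when it is repeated (?ids=1&ids=2); both are rejected here.
        return None, "ids must be a comma-separated string"
    parts = raw.split(",")
    if len(parts) > max_ids:
        # Check the count before converting anything, so an oversized
        # request is refused cheaply.
        return None, "too many ids (maximum %d)" % max_ids
    ids = []
    for part in parts:
        token = part.strip()
        if not _DIGITS.match(token):
            return None, "invalid id"
        value = int(token)
        if not 1 <= value <= max_value:
            return None, "id out of range"
        if value not in ids:
            ids.append(value)
    return ids, None


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["3,1,2", "1, 2,2", "1,,2", "1;x", "0", "1_000", None]
    for sample in samples:
        print(repr(sample), "->", parse_id_list(sample))
```
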