Re: [web2py] Re: ADD TO CART BUTTON

Wed, 06 Jun 2018 02:20:02 -0700 

ok thank you sir ... i am still new to web2py

On 5 June 2018 at 16:17, Anthony <abasta...@gmail.com> wrote:

> db.define_table('products',
>>     Field('product_name'),
>>     Field('current_price', 'float'),
>>     Field('image', 'upload'),
>>     Field('description', type='text'),
>>     Field('product_availability', requires = IS_IN_SET(['Available','Not
>> Available'])),
>>     auth.signature,
>>     )
>>
>> db.define_table('orders',
>>     Field('productId', db.product),
>>
>
> Is this your real code? If so, the above line would be throwing an
> exception, as the table name is db.products, not db.product.
>
>
>>  def proc():
>>     prodDict = {}
>>     productrows = db(db.products).select()
>>     for x in productrows:
>>         prodDict[x.id] = x.product_name
>>     order_date = str(request.now.year) + "-" + str(request.now.month) +
>> "-" + str(request.now.day)
>>     qty = request.vars.qty
>>     productId = request.vars.productId
>>     userId = session.auth.user.id
>>     sql = "INSERT INTO orders (productId, userId, qty, order_date) values
>> (str(productId), str(userId), str(qty), str(order_date))"
>>
>
> Above, you cannot mix Python into your SQL code. Also, by generating SQL
> with user-submitted values, you are opening yourself to SQL injection
> attacks. Why are you manually generating raw SQL rather than using the DAL
> to do the insert?
>
> Before proceeding, I strongly suggest reading the web2py documentation.
>
> Anthony
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to