Fixed. In my playing around I had tried passing a field list to SQLFORM. I had gotten db.client.fields, and used a subroutine to remove 'userid' from the list. Of course db.client.fields was passed by reference.......
Thanks again Karl On Jan 15, 11:31 am, mdipierro <mdipie...@cs.depaul.edu> wrote: > On Jan 15, 12:13 pm, kbochert <kboch...@copper.net> wrote: > > > Error traceback > > > Traceback (most recent call last): > > File "gluon/restricted.py", line 173, in restricted > > File "E:/web2py/applications/mug/controllers/admin.py", line 325, in > > <module> > > File "E:/web2py/applications/mug/models/db.py", line 139, in filter > > File "gluon/tools.py", line 1664, in f > > File "E:/web2py/applications/mug/controllers/admin.py", line 246, in > > profile > > File "gluon/sql.py", line 1842, in insert > > File "gluon/sql.py", line 1817, in _insert > > SyntaxError: invalid field names: ['uid'] > > . > > I have tried 'uid' 'userid' and 'user_id' as names for the field > > I cannot reproduce this problem. Can you email me a minimal program to > help me reproduce it? > > > It actually makes sense that I cannot just add 'form.vars.uid = 2' > > before the insert, because then couldn't a resourceful hacker just > > hand-create a URL that would write to database fields that weren't in > > the form? > > This is a good point. The accepts function prevents that. Any code > after after accepts should be able to insert fields > > > > > Karl > > > > > > Karl
-- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web...@googlegroups.com. To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
