Ok, Thanks a lot.
On 17 ene, 11:00, Anthony <abasta...@gmail.com> wrote:
> > I made a modifications in my script:
> > def list_records():
> > expresion = 'list_records'
> > table = request.args(0)
> > query = request.vars.query
> > pos = query.find(expresion)
>
> > if pos >= 0:
> > pos = pos + len(expresion)
> > query= query[pos:]
> > q = db(query)
> > records = q.select()
> > else:
> > records = T('record does not exist')
> > return dict(records=records,table=pos,query=query)
>
> > But I get the same error:
>
> > <type 'exceptions.AttributeError'> 'str' object has no attribute
> > 'ignore_common_filters'
>
> Same problem -- in db(query), query must be a Query object, but in your
> case it is just a string. You would have to do something like
> db(eval(query)), but that would be a security risk because you don't know
> what is in query. Instead, it's probably safer to parse the query itself
> and look for the table and id in the query -- confirm the table exists in
> db, and then build the actual query yourself.
>
> Anthony
