By default, form.accepts() does the insert automatically (unless you set dbio=False), and your redirect doesn't happen until after the insert.
Anthony On Tuesday, July 17, 2012 12:38:02 AM UTC-4, Pystar wrote: > > I have a controller that presents a form, but I put a constraint that if > the user is not logged on (checked using auth.is_logged_in()) the entered > form data should not be inserted but the user should be directed to the > login form. But to my surprise, if the user is redirected to the logged in > form and without logging in, returns back to the index page, the data would > have been inserted into the database which shouldnt be so. What am I doing > wrong here? > > Code snippet > > def index(): > form = SQLFORM(db.post) > if form.accepts(request.vars, session, hideerror=True, > keepvalues=False): > if auth.is_logged_in(): > pass > else: > session.flash="You have to be logged on to post stuff!" > redirect(URL(f="user", args="login")) > elif form.errors: > redirect(URL(f="index")) > rows = db().select(db.post.ALL, orderby=db.post.timestamp) > return locals() > --
