> > Hope this better answers your question,
> > Matt

Matt,

Indeed it does. Thank you!

I guess a bit of the frustrating part of learning Django here is stumbling across the sites that explain how to do various tidbits of functionality, and then slide in some variant [*1*] of "But one would never do this on a production site." warning. I think to myself "But this is *exactly* the functionality I need." So, uh, what *should* I do differently then? Or, um, OK, so, why not take the next step in the write-up and tell me what the best practice is so I *can* "do this in a production setting."

I read chapter 20. And when I was done, I had an inkling that Django escaped my user data when it went to HTML output. Good. And I read where "Django's API does this [escape SQL] for you". But what wasn't clear to me was how much *more* I really should do. How worried should I be? Should I write better form cleaning and validating functions? Should I write custom save() functions to search for SQL or script hacks? That sort of thing.

And from the sounds of it, you are saying Django has taken large and likely sufficient steps already. Most excellent! And thank you!

Thanks,
jdl

[*1*] Offhand examples:
http://lethain.com/entry/2007/dec/01/using-jquery-django-autocomplete-fields/
http://lethain.com/entry/2008/sep/21/intro-to-unintrusive-javascript-with-django/
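An added illustration of the point settled in the exchange above (not jdl's or Matt's code, and not Django itself): Python's sqlite3 DB-API parameter binding and `html.escape` stand in for what Django's ORM and template autoescaping do, showing why a `save()` that hunts for SQL or script fragments is unnecessary when values are bound as parameters on the way in and escaped on the way out. The hostile username is a constructed sample.

```python
import html
import sqlite3

# Constructed sample input: a username carrying both an SQL fragment and a
# script tag. Nothing below tries to "detect" it; each layer neutralises
# the part it is responsible for, and the value is stored verbatim as data.
HOSTILE_NAME = "O'Brien'); DROP TABLE users; -- <script>alert('hi')</script>"


def save_user(conn, name):
    """Store a name via DB-API parameter binding, the same mechanism Django's
    ORM (and cursor.execute(sql, params)) uses: the driver sends the value as
    data, so it can never be parsed as SQL, whatever characters it contains."""
    conn.execute("CREATE TABLE IF NOT EXISTS users (name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    conn.commit()


def load_users(conn):
    """Read every stored name back; the table must still exist for this to work."""
    return [row[0] for row in conn.execute("SELECT name FROM users")]


def render_greeting(name):
    """Escape at output time, as Django's template autoescaping does: the same
    five characters (& < > " ') become entities, so markup in the name is inert."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def demo():
    """Round-trip the hostile name through storage and rendering.

    Returns (stored_names, rendered_html). The stored name equals the input
    exactly (no mangling, no table dropped) and the HTML contains no live tag."""
    conn = sqlite3.connect(":memory:")
    save_user(conn, HOSTILE_NAME)
    stored = load_users(conn)
    page = render_greeting(stored[0])
    return stored, page


if __name__ == "__main__":
    names, page = demo()
    print(names)
    print(page)
```

The data layer and the presentation layer each handle their own hazard, which is why form cleaning can stay focused on business validation (is this a valid e-mail, is this number in range) rather than pattern-matching for attacks.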