> 
> Hope this better answers your question,
> Matt

Matt,

Indeed it does.  Thank you!

I guess a bit of the frustrating part of learning Django here
is stumbling across the sites that explain how to do various
tidbits of functionality, and then slide in some variant [*1*]
of "But one would never do this on a production site." warning.

I think to myself "But this is *exactly* the functionality I need."
So, uh, what *should* I do differently then?  Or, um, OK, so,
why not take the next step in the write-up and tell me what the
best practice is so I *can* "do this in a production setting."

I read chapter 20.  And when I was done, I had an inkling that
Django escaped my user data when it went to HTML output.  Good.
And I read where "Django's API does this [escape SQL] for you".

But what wasn't clear to me was how much *more* I really should do.
How worried should I be?  Should I write better form cleaning and
validating functions?  Should I write custom save() functions to
search for SQL or script hacks?  That sort of thing.

And from the sounds of it, you are saying Django has taken large and
likely sufficient steps already.  Most excellent!  And thank you!

Thanks,
jdl

[*1*] Offhand examples:

http://lethain.com/entry/2007/dec/01/using-jquery-django-autocomplete-fields/

http://lethain.com/entry/2008/sep/21/intro-to-unintrusive-javascript-with-django/
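An added example, not from this thread or from Django itself: standard-library stand-ins for the two protections jdl read about in chapter 20 (HTML escaping at output time, as Django's template autoescaping does, and passing user values as bound parameters, as the ORM does), showing why a custom save() that searches for "SQL or script hacks" is unnecessary. `html.escape` and `sqlite3` placeholders are assumed substitutes for Django's own code; the caveats in the comments (`|safe`/`mark_safe()` and hand-built raw SQL) are the places where Django's defaults are switched off.

```python
import html
import sqlite3

# Constructed sample input: one comment containing both an HTML script tag
# and a SQL quote plus comment marker, the two things the thread worries about.
UNTRUSTED_COMMENT = "<script>alert(1)</script> I'm a fan; ' OR 1=1 --"
INJECTION_FRAGMENT = "' OR 1=1 --"


def render_comment(text: str) -> str:
    """Escape when writing into HTML, like Django's template autoescape.

    The string is stored unchanged and only neutralised at the output
    boundary. In Django this is the default; it is only lost when a template
    applies |safe or code wraps the value in mark_safe().
    """
    return "<p>" + html.escape(text) + "</p>"


def store_and_find(text: str) -> dict:
    """Bind user data as a parameter, like the Django ORM does.

    The value never becomes part of the SQL text, so quotes and '--' inside
    it are compared as characters, not parsed as SQL. In Django the same
    guarantee is only given up by formatting user input into raw SQL
    (e.g. string-building the query passed to cursor.execute()).
    """
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE comment (body TEXT)")
    con.execute("INSERT INTO comment (body) VALUES (?)", (text,))
    stored = con.execute("SELECT body FROM comment").fetchone()[0]
    # The full comment matches exactly one row; the injection-looking
    # fragment on its own matches nothing, because it is just a literal.
    exact = con.execute(
        "SELECT COUNT(*) FROM comment WHERE body = ?", (text,)).fetchone()[0]
    fragment = con.execute(
        "SELECT COUNT(*) FROM comment WHERE body = ?", (INJECTION_FRAGMENT,)
    ).fetchone()[0]
    con.close()
    return {"stored": stored, "exact_matches": exact, "fragment_matches": fragment}


if __name__ == "__main__":
    print(render_comment(UNTRUSTED_COMMENT))
    print(store_and_find(UNTRUSTED_COMMENT))
```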

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.