Cool. I'll to some work on this and check back to make sure it's not insecure.
On Nov 12, 7:27 am, Masklinn <[email protected]> wrote: > On 2010-11-12, at 13:20 , Ed wrote: > > > > > It seems simple from a SQL point of view, but I'm wondering what the > > best implementation would be from to go from a django form to MySQL. > > The above is an example. In practice, I would want to dynamically > > populate the filter criteria/fields. Any suggestions on a starting > > point? > > Create a strict translator (remember that your users can and will try to > bypass/exploit whatever you give them, including selects) from whatever your > form returns to a dict, which will be sent to .filter as a **kwargs? -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
