I'm also aware of trickiness of eval() methods,
so,, I could solve the problem in this way
"
profile_fields = "email email_backup brother sister".split()
for key in profile_fields:
getattr(request.user.get_profile(), key)
"
And, it works well.
Really approciate you both. :)
On 5월28일, 오전8시56분, "Russell Keith-Magee" <[EMAIL PROTECTED]>
wrote:
> On 5/27/07, EL AATIFI Sidi Mohamed <[EMAIL PROTECTED]> wrote:
>
>
>
> > > - The eval() technique suggested in another reply may work, but isn't
> > > really a good practice. eval() exists to make interactive prompts
> > > possible, not as a general programming technique. There is no
> > > protection on what eval() will do, so if an attacker can modify the
> > > string that is being eval()'d, they have complete access to your
> > > system. This is obviously very bad practice on a public-facing
> > > interface, like a web site.
>
> > I agree completely.
> > It should just be noted that in this case, there is no way to change the
> > expression passed to eval. Secondly getattr cannot in no case evaluate
> > an expression, or to reach a more deep fields.
>
> This may be the case, but using eval() for general programming is an
> extraordinarily habit to get into, there is almost always an
> alternative approach, and it _definitely_ doesn't need to be used in
> this case.
>
> Yours,
> Russ Magee %-)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
