On Sun, Jan 24, 2010 at 1:05 PM, mehdi0016 <[email protected]> wrote:
> Hi,
> I'm new to Python and Django, and I'm working on the search page of my site.
> In my HTML search form, the user can choose the table (or field) they want to
> search. On the server side I use a sequence of 'if' statements to find the
> chosen table (or field) and the related Django model.
> ...
> # here I assume the searched fields have the same name ('title')
> q = requst.GET['query']
> tbl = requst.GET['table']
> if tbl == 'Book':
>     result = Book.objects.filter(title__icontains=q)
> if tbl == 'Author':
>     result = Author.objects.filter(title__icontains=q)
> ...
> Now, is there any way to reduce or eliminate the 'if' sequences?
> I tested this and it works:
> ...
> tbl = eval(requst.GET['table'])
> ...
> But I'm not sure that is the best way?
>
Not only is that not the best way, it may well be the worst. Consider:
>>> print requst.GET['table']
"select os; os.system('rm -rf /')"
You should never eval() data from a user.
What is surely better might be something like:
# Allowlist: the only names a request may map to a model.
tables = {"Author": Author,
          "Book": Book}
if requst.GET['table'] in tables:
    matches = tables[requst.GET['table']].objects.filter(
        title__icontains=requst.GET['query'])
You can make this more sophisticated and even allow them to select the
field, or just search them all.
Hope that helps!
-Doug
> thanks
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
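
Added example, not part of the original thread: the dictionary approach from the reply above, extended to the "select the field, or just search them all" case it mentions. The names SEARCHABLE, BadSearch and resolve_search, the "field" parameter and the "summary" field are assumptions made for illustration, and the model classes are stand-ins so the code runs without Django.

```python
# Stand-ins so the example runs without Django; in a project these would be
# the real model classes imported from models.py.
class Book: pass
class Author: pass

# Allowlist: the only tables and fields a request may name. The "summary"
# field is constructed for illustration.
SEARCHABLE = {
    "Book": (Book, ("title", "summary")),
    "Author": (Author, ("title",)),
}

class BadSearch(ValueError):
    """The request named a table or field outside the allowlist."""

def resolve_search(params):
    """Turn untrusted GET parameters into (model, filter kwargs) pairs.

    User-supplied strings are used only as dictionary keys or as the filter
    value; nothing is evaluated. Field names are allowlisted as well, because
    the keyword name is itself part of the ORM lookup.
    """
    query = params.get("query", "").strip()
    if not query:
        return []
    table = params.get("table", "all")
    if table == "all":
        targets = list(SEARCHABLE.values())
    elif table in SEARCHABLE:
        targets = [SEARCHABLE[table]]
    else:
        raise BadSearch("unknown table")
    field = params.get("field")
    plans = []
    for model, fields in targets:
        if field is None:
            chosen = fields[0]          # default field for this model
        elif field in fields:
            chosen = field
        else:
            continue                    # this model does not expose the field
        plans.append((model, {chosen + "__icontains": query}))
    if not plans:
        raise BadSearch("unknown field")
    return plans
```

In a Django view each pair would be applied as `model.objects.filter(**kwargs)`, with BadSearch mapped to an HTTP 400 response.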