On Fri, Dec 09, 2005 at 06:43:06PM -0500, Karl Guertin wrote:
> 
> On 12/9/05, midtoad <[EMAIL PROTECTED]> wrote:
> > If the issue is that your field name is being determined
> > programmatically, so you don't know it ahead of time, you could always
> > use the following:
> > data = eval("record.%s" % (fieldname,))
> 
> That is the issue here. getattr is the standard way to handle this
> problem. Using eval is a lot less efficient than using getattr, which
> is just a dictionary lookup.

And it's dangerous if the user can modify fieldname in any way:

fieldname = "field; AllDatabaseObjects.remove()"

Ok, so that wouldn't work, but you get the idea.

Jason

-- 
If you understand, things are just as they are.  If you do not understand,
things are just as they are.
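
Added example, not part of the original thread: a side-by-side of the eval pattern and getattr on a field name that is really a call expression, plus an allowlisted lookup. The Record class, its fields, the delete() method and the helper names are hypothetical, and the input is constructed.

```python
# Added illustration; Record, its fields and the helpers are hypothetical.

class Record:
    """Constructed stand-in for a database row object."""
    PUBLIC_FIELDS = frozenset({"name", "email"})

    def __init__(self, name, email):
        self.name = name
        self.email = email
        self.deleted = False

    def delete(self):
        # Side effect that a field name should never be able to trigger.
        self.deleted = True


def eval_lookup(record, fieldname):
    """The pattern from the thread: fieldname is evaluated as Python source."""
    return eval("record.%s" % (fieldname,))


def getattr_lookup(record, fieldname):
    """getattr treats fieldname purely as an attribute name, never as code."""
    return getattr(record, fieldname)


def safe_lookup(record, fieldname):
    """getattr plus an allowlist, so methods and internals stay unreachable."""
    if fieldname not in record.PUBLIC_FIELDS:
        raise KeyError("unknown field: %r" % (fieldname,))
    return getattr(record, fieldname)


def demo():
    """Return what each lookup does with a constructed hostile field name."""
    hostile = "delete()"  # constructed input: a call expression, not a field
    r1 = Record("alice", "alice@example.com")
    eval_lookup(r1, hostile)  # evaluates record.delete()
    r2 = Record("alice", "alice@example.com")
    try:
        getattr_lookup(r2, hostile)
        outcome = "returned"
    except AttributeError:
        outcome = "AttributeError"
    return r1.deleted, r2.deleted, outcome


if __name__ == "__main__":
    print(demo())
```

getattr alone still hands back any attribute that exists, including bound methods such as delete, which is why safe_lookup checks the name against the record's public fields first.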
