Day 2 with tg, and I'm still playing around with the framework. I'm
trying to implement a generic search for a model based on SQLObject,
that would work like this:
foo/Search?searchBy=name&search=something
so that the controller's Search method would look like this:
def Search(self, searchBy, search):
    result = foo.selectBy(searchBy=search)
Obviously, this doesn't work as written, apparently because searchBy
is a string, and selectBy expects *some other type*.
This works, though:
def Search(self, searchBy, search):
    where = "%s='%s'" % (searchBy, search)
    result = foo.select(where)
But it makes me scream "SQL INJECTION!!!! RUN AWAY!!!"
So... what's the "correct" approach here? Thanks!
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en
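The whitelist-plus-bound-parameter approach the post is asking about, as an added example that is not from the original message or from TurboGears/SQLObject itself; it uses the standard-library sqlite3 module as a stand-in for the SQLObject model, and the table `foo(id, name, email)`, its rows and the helper names are constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the SQLObject model "foo".
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO foo (name, email) VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org")],
    )
    return conn


def columns_of(conn, table):
    # The legitimate column names a request may search on. With SQLObject the
    # same list is available as foo.sqlmeta.columns.
    return {row[1] for row in conn.execute('PRAGMA table_info("%s")' % table)}


def search_unsafe(conn, search_by, search):
    # The pattern from the post: both the column name and the value are spliced
    # into the SQL text, so the value can rewrite the WHERE clause.
    where = "%s='%s'" % (search_by, search)
    return conn.execute("SELECT name FROM foo WHERE " + where).fetchall()


def search_safe(conn, search_by, search):
    # A column name cannot be a bound parameter, so searchBy is checked against
    # the model's own column list (a whitelist) before it touches the SQL.
    if search_by not in columns_of(conn, "foo"):
        raise ValueError("unknown search column: %r" % search_by)
    # The value is passed as a bound parameter and never spliced into the SQL.
    # In SQLObject the two steps together are foo.selectBy(**{search_by: search});
    # selectBy(searchBy=search) failed because the keyword is literally "searchBy".
    sql = 'SELECT name FROM foo WHERE "%s" = ?' % search_by
    return conn.execute(sql, (search,)).fetchall()
```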