I edited the code below; look for the lines that contain `refereer`.

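def update():
    """Show and process the edit/delete form for a single record.

    URL args: ``args[0]`` names the database object, ``args[1]`` the table
    and ``args[2]`` the record id. After an accepted submit the browser is
    redirected to the address carried in the ``refereer`` request variable.
    """
    try:
        dbname = request.args[0]
        # SECURITY: dbname comes straight from the URL and is handed to
        # eval(). Refuse anything that is not a bare name, so that only a
        # variable lookup can happen here. The better fix is to stop taking
        # the database name from the URL and drop eval() altogether.
        if not dbname.replace('_', '').isalnum():
            raise ValueError(dbname)
        db = eval(dbname)
        table = request.args[1]
    except Exception:
        # session.flash, as in the branch below: the message has to survive
        # the redirect, which response.flash does not.
        session.flash = T('invalid request')
        redirect(URL(r=request, f='index'))
    try:
        record_id = int(request.args[2])
        record = db(db[table].id == record_id).select()[0]
    except Exception:
        session.flash = T('record does not exist')
        redirect(URL(r=request, f='select', args=[dbname, table]))
    # NOTE(review): the hidden field is filled from request.vars.back, while
    # the calling action shown with this code sends the address as
    # `refereer` -- confirm which name is intended.
    form = SQLFORM(db[table], record, deletable=True,
                   linkto=URL(r=request, f='select', args=[dbname]),
                   upload=URL(r=request, f='download', args=[dbname]),
                   hidden=dict(refereer=request.vars.back or 'some/where/else'))
    if form.accepts(request.vars, session):
        session.flash = T('done!')
        target = request.vars.refereer
        # SECURITY: the return address is request data. Follow it only when
        # it is a site-absolute path; anything else (another host, a
        # scheme-relative '//host' form, a non-string) goes to the table
        # listing instead. The placeholder default above is not
        # site-absolute, so it takes the fallback too.
        is_local = (isinstance(target, str)
                    and target.startswith('/')
                    and not target.startswith('//')
                    and '\\' not in target)
        if not is_local:
            target = URL(r=request, f='select', args=[dbname, table])
        redirect(target)
    return dict(form=form)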

This is the calling action in the controller default.py:

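@t2.requires_login(next='login')
def provvedimenti_insert():
    """Build the tables for one `nominativi` row and its `provvedimenti`.

    ``args[1]`` is the `nominativi` id. The `provvedimenti` table is given
    a ``linkto`` URL that points at the `update` action of the `gestione`
    controller and carries the current path in the ``refereer`` variable.
    """
    nominativo_id = request.args[1]
    # The return address travels as a query variable, so whoever receives it
    # must treat it as untrusted input before redirecting to it.
    # request.env.path_info is the path of the current request; the mail
    # had `request.path.info`, which is not an attribute web2py provides.
    linkto = URL(r=request, c='gestione', f='update', args=['db'],
                 vars=dict(refereer=request.env.path_info))
    nomin = db(db.nominativi.id == nominativo_id).select()
    # Statements that the mail client wrapped in the middle of a call are
    # joined again: the wrapped form never called .select(...) or dict(...).
    provv = db(db.provvedimenti.nominativi_id == nominativo_id).select(
        orderby=~db.provvedimenti.data)
    nominativi = SQLTABLE(nomin, _class='sortable', headers=headers)
    provvedimenti = SQLTABLE(provv, linkto, _class='sortable',
                             headers=headers)
    return dict(nominativi=nominativi, provvedimenti=provvedimenti,
                id=nominativo_id)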

Anyway, I would not pass the dbname as args[0], and I would avoid
calling eval(dbname).
The URL regex protects you, but the eval is still unnecessary.

Massimo