That code doesn't work for me, I get :<type 'exceptions.KeyError'> 'mytablename'
'mytablename', 'myfield' are string vars. I don't really have a table called 'mytablename'. On Sunday, October 21, 2012 7:39:50 PM UTC+1, Massimo Di Pierro wrote: > > You should not do this: > > orderby=mytablename+'.'+myfield+' '+myorder+','+mytablename+'.id' > > You should instead use one of the following > > orderby=db.mytablename.myfield|db.mytablename.id > orderby=~db.mytablename.myfield|db.mytablename.id > orderby=db[mytablename][myfield]|db[mytablename].id > orderby=~db[mytablename][myfield]|db[mytablename].id > > This may be vulnerable to SQL Injection > > orderby=mytablename+'.'+myfield+' '+myorder+','+mytablename+'.id' > > > On Sunday, 21 October 2012 12:52:38 UTC-5, apinho wrote: >> >> Ok, >> >> found the answer. By adding 'id' as an orderby field, the order of the >> rows if never changed, even if the original orderby field is not unique : >> >> rows = db().select( >> mytable.ALL, >> orderby=mytablename+'.'+myfield+' '+myorder+','+mytablename+ >> '.id', >> limitby=(page*ITEMSPERPAGE-ITEMSPERPAGE,page*ITEMSPERPAGE) >> ) >> >> On Sunday, October 21, 2012 6:19:16 PM UTC+1, apinho wrote: >>> >>> Hi, >>> >>> I'm using this query : >>> rows = db().select( >>> mytable.ALL, >>> orderby=mytablename+'.'+myfield+' '+myorder, >>> limitby=(page*ITEMSPERPAGE-ITEMSPERPAGE,page*ITEMSPERPAGE) >>> ) >>> 'myorder' is either 'asc' or 'desc. 'mytable', 'myorderby' and 'myorder' >>> ar all string, that I get through request.vars... >>> >>> The DB is Postgresql. >>> >>> This works well when 'myfield' is unique within the DB. But when >>> 'myfield' has repeated values, running this same query, with the same >>> parameters doesn't always return the same set of rows. >>> >>> So the question is : When the orderby field is not enough to fully order >>> tables, cause the field has repeated values, what order does Web2py apply ? >>> Or, maybe, it's Postgre related, and not web2py ? >>> >>> thx >>> >>> >>> >>> >>> >> --
