Hmmm... No, the problem here is that form.validate fails because it lacks the 'xyzzy' field. I have to somehow get that field into its vars BEFORE the validate is called. I thought I understood this form stuff, but this is the aspect that is still getting me.
1. I tried overriding xyzzy.requires, making it None. No effect. 2. I tried editing the table so that xyzzy.requires no longer exists at the table level. Still fails validation. 3. I tried adding the value for xyzzy into the request.post_vars before calling validate. No joy. 4. Ditto for request.vars. 5. Ditto for form.vars. 6. I tried adding a default for xyzzy before calling validate. No joy. Just when I think I know what's going on -- I'm proven wrong... again! Trascing thru the code as best I can with WingIDE, it looks like: 1. The field xyzzy is in the table, so web2py knows it exists. 2. The field is NOT in the form (in the non-hidden variants, anyway) and web2py knows this. 3. Since it isn't part of the form, the fact I included it as a variable is ignored. 4. For some reason I don't understand, the form still thinks a value for xyzzy is required, even tho that's been changed, It looks like there's still some kind of "length" requirement on the field even tho I've removed the requires. -- Joe On Monday, August 12, 2013 6:30:35 AM UTC-7, Anthony wrote: > > > Take the field "xyzzy" for example (not its real name). It is a string >> field and it's not even needed on the form since i know its value from >> auth.user. So I left it off the form thinking I could populate it either >> before or after displaying the form. Well, I can't set its default before >> generating the form, because I didn't include it in the form itself, ergo, >> no place for the default value. >> > > If you know the value at time of submission, you can set the default value > for the field in the club_edit table: > > if form.validate(): > db.club_edit.xyzzy = auth.user.xyzzy # do this before the insert > into db.club_edit > > Now, when you make the insert into db.club_edit, the xyzzy field will get > the auth.user.xyzzy value. > > No problemo, I thought, I'll just check for request.post_vars before the >> form is validated, and stuff the values in there ahead of validation. >> Nope. Apparently I can't do that because again the form doesn't have the >> field so the validate logic never sees it. >> > > No, but you can put it into form.vars *after* validation: > > if form.validate(): > form.vars.xyzzy = auth.user.xyzzy > > Aha! I've got it! I'll include the var name as a "hidden" var on the >> form. It will show up in the fields as hidden, ride along to the browser, >> get returned with my value and all will be well. Right? Bzzzzt! Thanks >> for playing, but no. The hidden form won't fool the validator into >> accepting the form. >> > > From the book: > > form.accepts(...) is not intended to read the received hidden fields and > move them into form.vars. The reason is security. hidden fields can be > tampered with. > > > So, the hidden field will be in request.post_vars (and request.vars), but > form.validate() will not move it into form.vars -- you have to do that > explicitly: > > if form.validate(): > form.vars.xyzzy = request.post_vars.xyzzy > > Be careful with hidden fields, though -- they can be hacked. > > Anthony > > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
