if not len(record): or:
query=db(db.adres.id==record_id) if query.count() == 0: and then: row = query.select(field)[0] On 22 Maj, 11:45, annet <[email protected]> wrote: > I have my authentication, authorization, create and read functions > working, however, I don't get update and delete function to function > without flaws. The problem lies in the fact that the vistor can tamper > with the URL in the browser's address bar. > > In a view I have got: > > <td> > {{=A(row.adressoort,_href=URL(r=request,f='update_address',args= > [row.id]))}} > </td> > > The update_address function reads like: > > @auth.requires_membership('user_3') > def update_address(): > record_id=request.args[0] > record=db(db.adres.id==record_id).select(db.adres.bedrijf) > if record==[]: > redirect(URL(r=request,f='crud_address')) > elif not record[0].bedrijf==auth.user.bedrijf: > redirect(URL(r=request,f='crud_address')) > form=crud.update(db.adres,request.args[0]) > return dict(form=form) > > When the user clicks the link in the view the correct record is > displayed, when the user tampers the arg in the URL two things happen: > if he changes the arg to a record_id of an existing record the elif > redirects to the crud_address function, however, when he changes the > arg to a record_id that is not in the database the following error > ticket is issued: > > Traceback (most recent call last): > File "/Library/Python/2.5/site-packages/mockpy/gluon/restricted.py", > line 98, in restricted > File "/Users/iannet/mockpy/applications/mock/controllers/crud.py", > line > 41, in <module> > File "/Library/Python/2.5/site-packages/mockpy/gluon/globals.py", > line > 75, in <lambda> > File "/Users/iannet/mockpy/gluon/tools.py", line 1049, in f > return action(*a, **b) > File "/Users/iannet/mockpy/applications/mock/controllers/crud.py", > line > 31, in update_address > elif not record[0].bedrijf==auth.user.bedrijf: > File "/Library/Python/2.5/site-packages/mockpy/gluon/sql.py", line > 2109, > in __getitem__ > SyntaxError: SQLRows: no such row > > So, if record==[]: is the cause of a syntax error, what is the correct > syntax of this statement? > > Kind regards, > > Annet. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
