Yes, sorry - i've checked. I always used len().
On 22 Maj, 19:28, mdipierro <[email protected]> wrote:
> I repeat
>
> if not record:
>
> On May 22, 12:22 pm, Kacper Krupa <[email protected]> wrote:
>
> > if not len(record):
>
> > or:
>
> > query=db(db.adres.id==record_id)
>
> > if query.count() == 0:
>
> > and then: row = query.select(field)[0]
> > On 22 Maj, 11:45, annet <[email protected]> wrote:
>
> > > I have my authentication, authorization, create and read functions
> > > working, however, I don't get update and delete function to function
> > > without flaws. The problem lies in the fact that the vistor can tamper
> > > with the URL in the browser's address bar.
>
> > > In a view I have got:
>
> > > <td>
> > > {{=A(row.adressoort,_href=URL(r=request,f='update_address',args=
> > > [row.id]))}}
> > > </td>
>
> > > The update_address function reads like:
>
> > > @auth.requires_membership('user_3')
> > > def update_address():
> > > record_id=request.args[0]
> > > record=db(db.adres.id==record_id).select(db.adres.bedrijf)
> > > if record==[]:
> > > redirect(URL(r=request,f='crud_address'))
> > > elif not record[0].bedrijf==auth.user.bedrijf:
> > > redirect(URL(r=request,f='crud_address'))
> > > form=crud.update(db.adres,request.args[0])
> > > return dict(form=form)
>
> > > When the user clicks the link in the view the correct record is
> > > displayed, when the user tampers the arg in the URL two things happen:
> > > if he changes the arg to a record_id of an existing record the elif
> > > redirects to the crud_address function, however, when he changes the
> > > arg to a record_id that is not in the database the following error
> > > ticket is issued:
>
> > > Traceback (most recent call last):
> > > File "/Library/Python/2.5/site-packages/mockpy/gluon/restricted.py",
> > > line 98, in restricted
> > > File "/Users/iannet/mockpy/applications/mock/controllers/crud.py",
> > > line
> > > 41, in <module>
> > > File "/Library/Python/2.5/site-packages/mockpy/gluon/globals.py",
> > > line
> > > 75, in <lambda>
> > > File "/Users/iannet/mockpy/gluon/tools.py", line 1049, in f
> > > return action(*a, **b)
> > > File "/Users/iannet/mockpy/applications/mock/controllers/crud.py",
> > > line
> > > 31, in update_address
> > > elif not record[0].bedrijf==auth.user.bedrijf:
> > > File "/Library/Python/2.5/site-packages/mockpy/gluon/sql.py", line
> > > 2109,
> > > in __getitem__
> > > SyntaxError: SQLRows: no such row
>
> > > So, if record==[]: is the cause of a syntax error, what is the correct
> > > syntax of this statement?
>
> > > Kind regards,
>
> > > Annet.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
