In "By the way, what is your circumstance which need user to create a
function to manipulate data in db? Sounds vulnerable. "
and in
"Thus the customer can create or modify their own function
to manipulate other data in the database. "

I believe "customer" / "user" really refers to "developer", not "end
user", not "customer".

i.e. I believe BearXu meant to say
"Thus the developer can create or modify their own function
to manipulate other data in the database."

I hope my guess is correct...

On May 25, 9:28 pm, Iceberg <[email protected]> wrote:
> This is not identical to your request, but if you can accept "app
> developer (you) create your own function, user submit data", you can
> try the accepts(...,onvalidation=callback)
>
> By the way, what is your circumstance which need user to create a
> function to manipulate data in db? Sounds vulnerable.
>
> On May26, 7:53am, BearXu <[email protected]> wrote:
>
>
>
> > can we design a custom column that can save a function in it?
> > Thus the customer can create or modify their own function
> > to manipulate other data in the database.
>
> > So such kind of field saves the code instead of the value.
>
> > 2009/5/25 mdipierro <[email protected]>
>
> > > formula?
>
> > > On May 25, 1:16 pm, BearXu <[email protected]> wrote:
> > > > Can I save a formula in it?
>
> > > > 2009/5/25 mdipierro <[email protected]>
>
> > > > > you are right. it was just an example
>
> > > > > On May 25, 12:45 am, Alexey Nezhdanov <[email protected]> wrote:
> > > > > > > I think that's handy. Dropping cross-db compatibility is bad
> > > > > > > indeed, but you just need to have a big warning in the place
> > > > > > > where the user has to make that choice.
>
> > > > > > Also - I don't think that you can safely replace ' with " on pickled
> > > > > > object. Most likely you are ruining it. Either proper sql escaping
> > > > > > should be introduced or better yet - base64 encoding. If I am not
> > > > > > mistaken - pickled objects are binary.
>
> > > > > > On May 25, 9:17 am, mdipierro <[email protected]> wrote:
>
> > > > > > > I do not know if this is a good idea and I'd like to hear your
> > > > > > > opinions:
> > > > > > > I have added in trunk to define custom column types
>
> > > > > > > Here is an example of usage:
>
> > > > > > > import cPickle
> > > > > > > from gluon.sql import SQLCustomType
> > > > > > > from decimal import Decimal
>
> > > > > > > decimal = SQLCustomType(native='NUMERIC(10,2)',decoder=(lambda x:
> > > > > > > Decimal(str(x))))
>
> > > > > > > pickable = SQLCustomType(type='text',encoder=(lambda x:
> > > > > > > "'%s'"%cPickle.dumps(x).replace("'","''")),decoder=(lambda x:
> > > > > > > cPickle.loads(x)))
>
> > > > > > > db.define_table('test',
> > > > > > >    SQLField('my_decimal',type=decimal),
> > > > > > >    SQLField('my_pickle',type=pickable))
>
> > > > > > > the SQLCustomType constructor takes the following arguments:
> > > > > > > - type indicates how web2py sqlform should treat this field
> > > > > > > - native indicates how the database should treat this field
> > > > > > > - encoder indicates how to represent (and escape) a value in SQL
> > > > > > > > - decoder indicates how to process the value once it is extracted
> > > > > > > > from the database
>
> > > > > > > It seems to work well with migrations. Of course using native=....
> > > > > > > makes the custom table not portable across databases.
>
> > > > > > > The implementation is not very clean but can be improved.
>
> > > > > > > Is this a good idea?
>
> > > > > > > Massimo
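
Added example (not from the thread and not web2py code): the base64 approach suggested above, as a Python 3 encoder/decoder pair round-tripped through a SQLite text column, with a decoder that only unpickles allowlisted types, since loading a pickle can import and call whatever the stored bytes name. It uses `pickle` and `sqlite3` instead of `cPickle` and `SQLCustomType`; `encode`, `decode`, `roundtrip`, `ALLOWED_GLOBALS` and the sample value are assumptions made for illustration.

```python
import base64
import io
import pickle
import sqlite3
from decimal import Decimal

# Assumption: only these globals may be reconstructed when decoding.
ALLOWED_GLOBALS = {("decimal", "Decimal")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any class or function that is not explicitly allowlisted."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError("blocked global %s.%s" % (module, name))


def encode(value):
    """Pickle (binary protocol), then base64 so the result is plain ASCII text."""
    raw = pickle.dumps(value, protocol=pickle.HIGHEST_PROTOCOL)
    return base64.b64encode(raw).decode("ascii")


def decode(text):
    """Reverse encode(); rejects pickles that reference non-allowlisted globals."""
    raw = base64.b64decode(text, validate=True)
    return RestrictedUnpickler(io.BytesIO(raw)).load()


def roundtrip(value):
    """Store the encoded value in a TEXT column and read it back."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE test (my_pickle TEXT)")
    # Bound parameter: the driver handles quoting, no manual ' -> '' replacement.
    con.execute("INSERT INTO test (my_pickle) VALUES (?)", (encode(value),))
    (stored,) = con.execute("SELECT my_pickle FROM test").fetchone()
    con.close()
    return decode(stored)


if __name__ == "__main__":
    # Constructed sample value containing quotes and a non-ASCII character.
    sample = {"note": "it's \"quoted\" \u00e9", "price": Decimal("19.99")}
    print(roundtrip(sample) == sample)
```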