[web2py:33431] Re: dynamic orderby in t3

Thu, 22 Oct 2009 10:22:51 -0700 

Thx.  This is what worked for me:

{{fields=['subject', 'authorEditor', 'publicationDate', 'publisher',
'collectionType', 'keyWords', 'notes', 'callNumber',
'publicationSource', 'holdings', 'physicalPlacement']}}
{{=self.itemize0(db.qpac, query=request.vars._query or '' ,
orderby=db.qpac[request.vars._orderby] if request.vars._orderby in
fields else db.qpac.subject, nitems=12, titems='n'))}}

-wes

On Thu, Oct 22, 2009 at 11:10 AM, mdipierro <[email protected]> wrote:
>
> no I think it is passing working and passing
>
> request.vars._orderby = 'db.qpac.subject'
>
> but it should be
>
> request.vars._orderby == 'qpac.subject'
>
> Mind that this code is vulnerable to SQL Injections. I would pass just
> the table name
>
> request.vars._sorttablename== 'subject'
>
> validate it and then do
>
> ...select(....,orderby=db.qpac[request.vars._sorttablename])
>
>
>
> On Oct 22, 11:55 am, Wes James <[email protected]> wrote:
>> I'm trying to allow people to select a column to sort by in t3.
>>
>> {{=self.itemize0(db.qpac, query=request.vars._query or '' ,
>> orderby=request.vars._orderby or db.qpac.subject, nitems=12)}}
>>
>> I have an html input hidden field call _orderby, but orderby likes the
>> actual db.qpac.subject and not a string from request.vars._orderby
>> since I keep getting:
>>
>>  File "/opt/web2py/gluon/sql.py", line 772, in <lambda>
>>     self._execute = lambda *a, **b: self._cursor.execute(*a, **b)
>> OperationalError: no such column: db.qpac.subject
>>
>> I set the _orderby with a jqeury call and then submit the form with
>> the new sort field.
>>
>> I can't seem to do db.qpac[0] to get at a field name either or I could
>> access the field via index.  How do you also programmatically access
>> db.table.FIELDS?
>>
>> thx,
>>
>> -wes
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to