Error traceback Traceback (most recent call last): File "gluon/restricted.py", line 173, in restricted File "E:/web2py/applications/mug/controllers/admin.py", line 325, in <module> File "E:/web2py/applications/mug/models/db.py", line 139, in filter File "gluon/tools.py", line 1664, in f File "E:/web2py/applications/mug/controllers/admin.py", line 246, in profile File "gluon/sql.py", line 1842, in insert File "gluon/sql.py", line 1817, in _insert SyntaxError: invalid field names: ['uid'] . I have tried 'uid' 'userid' and 'user_id' as names for the field
It actually makes sense that I cannot just add 'form.vars.uid = 2' before the insert, because then couldn't a resourceful hacker just hand-create a URL that would write to database fields that weren't in the form? Karl On Jan 15, 9:46 am, mdipierro <[email protected]> wrote: > What is the traceback? Is this an OperationalError or RuntimeError. > It is possible that the database does not like the field name 'uid'. I > do not think this is a web2py error. > > On Jan 15, 11:35 am, kbochert <[email protected]> wrote: > > > No good. > > > It hides the field correctly but again after: > > form.vars.uid = 2 # set the uid explicitly > > the call > > db.client.insert(**dict(form.vars)) > > complains that 'uid' is an invalid field name > > > It appears that SQLFORM is just not prepared to accept a field that > > it didn't display. > > > Karl > > > On Jan 15, 9:18 am, mdipierro <[email protected]> wrote: > > > > You can change > > > > db.client.uid.readbale=True or False > > > > where you need it, for example in the action before form=. > > > > Massimo > > > > On Jan 15, 11:08 am, kbochert <[email protected]> wrote: > > > > > Is it possible to use SQLFORM to generate forms which show different > > > > fields? > > > > > I.E. I have a model: > > > > > db.define_table('client', > > > > Field('uid', auth_user), > > > > Field('name', 'string'), > > > > migrate = 'client.table' > > > > ) > > > > > I want a page which the client uses that hides the 'uid' field, which > > > > gets filled in automatically by the controller. > > > > A different page accessible to the superuser shows the field normally. > > > > > I tried: > > > > db.define_table('client', > > > > Field('uid', 'string', readable=False, writable=False), > > > > Field('name', 'string'), > > > > migrate = 'client.table' > > > > ) > > > > > with > > > > form = SQLFORM(db.client, _id='profile_table') > > > > if form.accepts(request.vars, session, dbio=False): > > > > form.vars.uid = 2 > > > > form.vars.id = db.client.insert(**dict(form.vars)) > > > > > and get the error > > > > SyntaxError: invalid field names: ['uid'] > > > > > The other approach I tried was to remove the 'readable' and 'writable' > > > > from the model (But won't those prevent the superuser's page from > > > > showing the 'uid' field??) and using the 'fields' parameter in the > > > > SQLFORM call to explicitly set the fields I wanted to see. Same > > > > result- the accepts() method rejects the added 'uid' var. > > > > > Finally I tried using the 'onvalidation' parameter. Same result. > > > > > Is there a way to do this?? > > > > Karl
-- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
