On Jan 15, 12:13 pm, kbochert <[email protected]> wrote: > Error traceback > > Traceback (most recent call last): > File "gluon/restricted.py", line 173, in restricted > File "E:/web2py/applications/mug/controllers/admin.py", line 325, in > <module> > File "E:/web2py/applications/mug/models/db.py", line 139, in filter > File "gluon/tools.py", line 1664, in f > File "E:/web2py/applications/mug/controllers/admin.py", line 246, in > profile > File "gluon/sql.py", line 1842, in insert > File "gluon/sql.py", line 1817, in _insert > SyntaxError: invalid field names: ['uid'] > . > I have tried 'uid' 'userid' and 'user_id' as names for the field
I cannot reproduce this problem. Can you email me a minimal program to help me reproduce it? > It actually makes sense that I cannot just add 'form.vars.uid = 2' > before the insert, because then couldn't a resourceful hacker just > hand-create a URL that would write to database fields that weren't in > the form? This is a good point. The accepts function prevents that. Any code after after accepts should be able to insert fields > > Karl > > On Jan 15, 9:46 am, mdipierro <[email protected]> wrote: > > > What is the traceback? Is this an OperationalError or RuntimeError. > > It is possible that the database does not like the field name 'uid'. I > > do not think this is a web2py error. > > > On Jan 15, 11:35 am, kbochert <[email protected]> wrote: > > > > No good. > > > > It hides the field correctly but again after: > > > form.vars.uid = 2 # set the uid explicitly > > > the call > > > db.client.insert(**dict(form.vars)) > > > complains that 'uid' is an invalid field name > > > > It appears that SQLFORM is just not prepared to accept a field that > > > it didn't display. > > > > Karl > > > > On Jan 15, 9:18 am, mdipierro <[email protected]> wrote: > > > > > You can change > > > > > db.client.uid.readbale=True or False > > > > > where you need it, for example in the action before form=. > > > > > Massimo > > > > > On Jan 15, 11:08 am, kbochert <[email protected]> wrote: > > > > > > Is it possible to use SQLFORM to generate forms which show different > > > > > fields? > > > > > > I.E. I have a model: > > > > > > db.define_table('client', > > > > > Field('uid', auth_user), > > > > > Field('name', 'string'), > > > > > migrate = 'client.table' > > > > > ) > > > > > > I want a page which the client uses that hides the 'uid' field, which > > > > > gets filled in automatically by the controller. > > > > > A different page accessible to the superuser shows the field normally. > > > > > > I tried: > > > > > db.define_table('client', > > > > > Field('uid', 'string', readable=False, writable=False), > > > > > Field('name', 'string'), > > > > > migrate = 'client.table' > > > > > ) > > > > > > with > > > > > form = SQLFORM(db.client, _id='profile_table') > > > > > if form.accepts(request.vars, session, dbio=False): > > > > > form.vars.uid = 2 > > > > > form.vars.id = db.client.insert(**dict(form.vars)) > > > > > > and get the error > > > > > SyntaxError: invalid field names: ['uid'] > > > > > > The other approach I tried was to remove the 'readable' and 'writable' > > > > > from the model (But won't those prevent the superuser's page from > > > > > showing the 'uid' field??) and using the 'fields' parameter in the > > > > > SQLFORM call to explicitly set the fields I wanted to see. Same > > > > > result- the accepts() method rejects the added 'uid' var. > > > > > > Finally I tried using the 'onvalidation' parameter. Same result. > > > > > > Is there a way to do this?? > > > > > Karl > >
-- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.

