Thanks for letting us know. :-)

On Jan 15, 2:22 pm, kbochert <[email protected]> wrote:
> Fixed. In my playing around I had tried passing a field list to
> SQLFORM. I had gotten db.client.fields, and used a subroutine to
> remove 'userid' from the list.
> Of course db.client.fields was passed by reference.......
>
> Thanks again
> Karl
>
> On Jan 15, 11:31 am, mdipierro <[email protected]> wrote:
>
> > On Jan 15, 12:13 pm, kbochert <[email protected]> wrote:
>
> > > Error traceback
>
> > > Traceback (most recent call last):
> > >   File "gluon/restricted.py", line 173, in restricted
> > >   File "E:/web2py/applications/mug/controllers/admin.py", line 325, in
> > > <module>
> > >   File "E:/web2py/applications/mug/models/db.py", line 139, in filter
> > >   File "gluon/tools.py", line 1664, in f
> > >   File "E:/web2py/applications/mug/controllers/admin.py", line 246, in
> > > profile
> > >   File "gluon/sql.py", line 1842, in insert
> > >   File "gluon/sql.py", line 1817, in _insert
> > > SyntaxError: invalid field names: ['uid']
> > > .
> > > I have tried 'uid' 'userid' and 'user_id' as names for the field
>
> > I cannot reproduce this problem. Can you email me a minimal program to
> > help me reproduce it?
>
> > > It actually makes sense that I cannot just add 'form.vars.uid = 2'
> > > before the insert, because then couldn't a resourceful hacker just
> > > hand-create a URL that would write to database fields that weren't in
> > > the form?
>
> > This is a good point. The accepts function prevents that. Any code
> > after accepts should be able to insert fields
>
> > > Karl
> > > > > > > Karl
>
>
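An added example, not part of the original thread and not web2py code: it reproduces the aliasing bug Karl describes (removing a name from the table's own field list rather than from a copy) and the kind of allow-list filtering the reply attributes to accepts. The `Table` class and the helpers `form_fields_buggy`, `form_fields_safe` and `accept` are hypothetical stand-ins, and the request data is constructed.

```python
# Constructed stand-in for a DAL table; this is not web2py code.
class Table:
    def __init__(self, *fields):
        self.fields = list(fields)
        self.rows = []

    def insert(self, **values):
        bad = [k for k in values if k not in self.fields]
        if bad:
            raise SyntaxError("invalid field names: %s" % bad)
        self.rows.append(values)
        return len(self.rows)


def form_fields_buggy(table, hidden):
    fields = table.fields          # alias, not a copy
    fields.remove(hidden)          # mutates the table definition itself
    return fields


def form_fields_safe(table, hidden):
    return [f for f in table.fields if f != hidden]   # builds a new list


def accept(post_vars, form_fields):
    """Keep only the variables the form actually exposes (allow-list)."""
    return {k: v for k, v in post_vars.items() if k in form_fields}


def demo():
    results = {}
    broken = Table("name", "email", "userid")
    form_fields_buggy(broken, "userid")
    try:
        broken.insert(name="Karl", userid=2)   # table no longer knows userid
    except SyntaxError as exc:
        results["buggy"] = str(exc)

    client = Table("name", "email", "userid")
    visible = form_fields_safe(client, "userid")
    # Constructed request: the client smuggles in a userid value.
    posted = {"name": "Karl", "email": "k@example.com", "userid": "1"}
    clean = accept(posted, visible)            # smuggled userid is dropped
    clean["userid"] = 2                        # set server-side, after filtering
    client.insert(**clean)
    results["row"] = client.rows[0]
    results["fields"] = client.fields
    return results


if __name__ == "__main__":
    print(demo())
```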