Yes, the hidden input values do seem to appear in request.post_vars.

I call form.accepts(), like so:

form.accepts(request.post_vars, formname=None)

And even so, only the non-hidden field is saved to the database.


On Oct 25, 12:43 pm, mdipierro <[email protected]> wrote:
> The hidden fields will be in request.vars but not in form.vars because
> accepts does not know they are supposed to be there and protects you
> from injection attacks.
>
> You can also try using this:
>
> form=SQLFORM(....,hidden=dict(key='value'))
>
> Massimo
>
> On Oct 24, 11:39 pm, Ruiwen Chua <[email protected]> wrote:
>
> > Apologies, I wasn't clear. I meant that the form in the view is static
> > HTML and not generated by SQLFORM.
>
> > However, in the action that receives the POST, I instantiate a new
> > SQLFORM for that model and pass request.post_vars to it.
>
> > On Oct 25, 12:30 pm, mdipierro <[email protected]> wrote:
>
> > > if you use
>
> > > form.accepts()
>
> > > what is form if you do not use FORM or SQLFORM?
>
> > > On Oct 24, 11:27 pm, Ruiwen Chua <[email protected]> wrote:
>
> > > > Hi all,
>
> > > > I have created a manual HTML form (not FORM() or SQLFORM()) that has a
> > > > > few hidden fields (i.e. <input type="hidden">...)
>
> > > > When this form posts back to the controller, form.accepts() returns
> > > > True, but only the non-hidden field (there is only one, the rest are
> > > > hidden) is saved to the database. The other fields all get saved as
> > > > NULL.
>
> > > > Is there something I'm missing?
>
> > > > Thanks
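
A simplified model of the behaviour described in the quoted reply above (hidden values present in request.vars but absent from form.vars, so the columns are stored as NULL), added here as an illustration; it is not web2py code and not written by anyone in the thread. The table, the field names and the functions accept, to_row and accept_hidden are hypothetical.

```python
# Simplified model of the behaviour described in the thread; this is NOT
# web2py's implementation. All table, field and function names are hypothetical.

TABLE_COLUMNS = ("title", "owner_id", "is_approved")  # constructed example table


def accept(post_vars, form_fields):
    """Return (form_vars, ignored): only fields the server-side form declares
    are copied; every other posted key is left behind (like request.vars)."""
    form_vars = {k: post_vars[k] for k in form_fields if k in post_vars}
    ignored = sorted(k for k in post_vars if k not in form_fields)
    return form_vars, ignored


def to_row(form_vars):
    """Columns with no accepted value are stored as None (SQL NULL)."""
    return {col: form_vars.get(col) for col in TABLE_COLUMNS}


def accept_hidden(post_vars, form_vars, name, allowed):
    """Copy one hidden field across only if its value passes a server-side
    check; 'allowed' is the set of values this user may legitimately submit."""
    value = post_vars.get(name)
    if value not in allowed:
        raise ValueError("rejected hidden field %r=%r" % (name, value))
    form_vars[name] = value
    return form_vars


# Constructed POST body from a hand-written HTML form: one visible input and
# two hidden inputs, the second of which the client has altered.
POST_VARS = {"title": "Q3 report", "owner_id": "7", "is_approved": "1"}

if __name__ == "__main__":
    form_vars, ignored = accept(POST_VARS, form_fields=("title",))
    print(to_row(form_vars))   # hidden columns come out as None
    print(ignored)
    # Opt in to owner_id, checked against what the session says is permitted.
    form_vars = accept_hidden(POST_VARS, form_vars, "owner_id", allowed={"7"})
    print(to_row(form_vars))   # is_approved is still None: never client-set
```

The point of the model is that a hidden input is client-controlled like any other, so each one is either declared to the form or copied across individually after a server-side check.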
