On Monday, October 17, 2011 2:25:02 AM UTC-4, miroslavgojic wrote: > > > If I use HTML form or mentioned my example result is same. > *But how in HTML form get hidden fields, and ** > value="e0b5af7b-0cad-483b-979d-4f8b014e1d3a"** - and this value it is > changed after every form submit?* >
You should let web2py handle creating the _formkey, _formname, and _next hidden fields. We were only recommending manually coding the opening <form> tag, not the entire form. See http://web2py.com/book/default/chapter/07#Hidden-fields for more details about the hidden fields. They are generated by the form.accepts() method (which crud.create ultimately calls). The _formkey field, in particular, is a one-time token that is used to protect against double form submissions and cross-site request forgery attacks (the key is also stored in the session and must match the value stored in the session when submitted). Anthony
