There is nothing wrong in the /1/2/3 but I do not see where you use that in the code. I see a lot of repeated and unnecessary selects. I suspect you can simplify your code a lot.
Can you explain in words what you want to achieve?

On Jan 19, 10:53 pm, web-dev-m <[email protected]> wrote:
> Currently, in my application, I am passing navigational links in the
> header, such as /app/controller/view/1/2/3
>
> Where 1/2/3 are things the controller and view use to set the correct
> page.
>
> In my application, I am finding two problems with this. First is
> security. Although I have written validation on my controllers (I
> hope), I just worry that with more users some malicious person will
> find a way to get access they shouldn't.
>
> Second and more urgent is my application broke when I tried to write
> my first ajax function, I assume because the navigational variables
> are competing with the ajax variables somehow. I say this because
> when I make the controller empty and just return a dict everything
> works as normal. However, when I have the controller look for
> variables in request.vars and I then try to call an ajax function, it
> breaks hideously.
>
> I don't claim to be a great programmer, so it could definitely be a
> convention I am not following.
>
> Has anyone had this problem before? How did you solve it? Should I
> pass my request.vars into the session and then have the view call
> them?
>
> I read in the book that I can do ajax trapping and I haven't tried
> that yet, but I didn't think it would be necessary since I could make
> it work without it. I will try it, but regardless I would love to get
> some feedback.
>
> for clarity, my code causing problems is below:
>
> def my_func():
>     if request.args:
>         #First, I check to see if there is a record, if there is, I get some information.
>         check=db(db.mydb.id==request.args(0)).select().first()
>         if check !=None:
>             records=db(db.mydb.id==request.args(0)).select()
>             row = db(db.mydb.id==request.args(0)).select().first()
>             counter=len(records)
>         #if it isnt, I make it with a function
>         else:
>             row = db(db.mydb.id==request.args(0)).select().first()
>             my_id=row.id
>             (filename, stream) = db.mydb.myfield.retrieve(row.resourcefield)
>             myfunc(id,filename,stream)
>             records=db(db.mydb.id==request.args(0)).select()
>             counter=len(records)
>         pass
>     #if there is no specific document request, generate a list of available files
>     else:
>         redirect(URL('mycontroller','this_function'))
>     return(counter=counter, records=records, row=row)
>
> def myajaxfunc():
>     form=SQLFORM(db.mydb2, _action="myajaxfunc")
>     if form.errors:
>         session.flash="Error: " + str(form.errors)
>     return XML(form)
>
> my view:
>
> {{for i in range(1,5):}}
> <div id="my_div" onclick="ajax('myajaxfunc',[''], 'mytarget_{{=str(i)}}')">Click me to add a note</div>
> <div id="mytarget_{{=str(i)}}"></div>
> {{pass}}
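
The security worry in the question (record ids carried in the URL as /1/2/3) comes down to two controller-side checks: validate the argument strictly, then confirm the row belongs to the caller, using a single lookup. The following is an added example, not code from this thread and not web2py API: it is plain Python in which `RECORDS` (a stand-in for `db.mydb`, with constructed rows), `Denied`, `parse_id`, `load_record` and `status_for` are hypothetical names.

```python
# Added example: plain Python, no web2py import. RECORDS stands in for the
# db.mydb table; the owner ids and titles are constructed sample data.
RECORDS = {
    1: {"id": 1, "owner": 10, "title": "alice-notes"},
    2: {"id": 2, "owner": 20, "title": "bob-notes"},
}


class Denied(Exception):
    """Raised with an HTTP-style status when a request must be refused."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def parse_id(args, index=0):
    """Return args[index] as a positive int, or raise Denied(400)."""
    try:
        raw = args[index]
    except IndexError:
        raise Denied(400, "missing id")
    # Plain ASCII decimal digits only: no signs, spaces, hex or unicode digits.
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise Denied(400, "malformed id")
    value = int(raw)
    if value == 0:
        raise Denied(400, "malformed id")
    return value


def load_record(args, user_id):
    """Validate the URL argument, fetch the row once, and enforce ownership."""
    rec_id = parse_id(args)
    row = RECORDS.get(rec_id)  # one lookup, reused for every later check
    # Same answer for "no such row" and "not yours", so ids cannot be probed.
    if row is None or row["owner"] != user_id:
        raise Denied(404, "not found")
    return row


def status_for(path, user_id):
    """Split a path like '/app/controller/view/1/2/3' and report the outcome."""
    args = path.strip("/").split("/")[3:]  # what follows app/controller/function
    try:
        load_record(args, user_id)
        return 200
    except Denied as exc:
        return exc.status
```

The ownership test runs on every request, including ajax callbacks, because the id in the URL is caller-controlled regardless of how the link was generated.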

