1. That'll work, but you might want to be sure that they've actually
submitted with that button. Some browsers won't send a 'button' input
if the form was submitted by pressing the 'enter' key or via
javascript. I'd recommend my_dict.pop('submit', None) in order to
never have a keyerror (as long as you don't care which button was
pressed).
2. That sounds correct to me. The only thing I'd be careful about is
erroneous user input -- for instance if a user also inserted a 'id=5'
into their form, you might grab it from there. There is a way around
that which is...
3. Check out the form module here: http://webpy.org/cookbook/forms
Once you have a form object, you can use the 'd' attribute like a
dictionary that will only contain the values from that form. For
instance:
myform = Form(
Textbox('foo'),
Textbox('bar'),
Button('submit')
)
if not myform.validates(i):
#handle error. Now form has been filled with user input.
myform.d.pop('submit', None)
db.insert('table', **myform.d)
Hope this helps.
Cheers!
On May 14, 4:23 pm, FHSM <[email protected]> wrote:
> I've got a form where the field names match my DB columns. It looks
> like I should be able to dump this into the db.insert values and have
> it work, but I keep getting an error from the submit button in
> web.input. I have been able to solve the problem as follows:
> ...
> db = web.database(dbn='sqlite', db='testdatabase.db')
> ...
> def POST(self):
> my_dict = web.input()
> del my_dict['submit']
> db.insert('table', _test=False, **my_dict)
> ...
>
> I have three questions:
> 1) Is this del of the submit key from my_dict the best way to solve
> the database column miss-match problem?
>
> 2) The API docs only show passing a dictionary, instead of keyword
> value pairs, for multi insert, not insert. In that context it looks
> like the dictionary is passed into multiple_insert as values=my_dict
> not **my_dict. I was unable to make values=my_dict work. Am I doing
> something wrong by using the ** operator?
>
> 3) How can I sanitize user input? I cannot find anything in the docs
> about it.
>
> Thanks for the help.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web.py" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/webpy?hl=en
-~----------~----~----~----~------~----~------~--~---
