On Sat, Mar 25, 2006 at 11:15:17PM +0800, limodou wrote: > On 3/25/06, PythonistL <[EMAIL PROTECTED]> wrote: > > Is it possible to have a field in a form that a user can not edit? > > I think django doesn't support these input attribute, so you should > extend the code or write the html code manually, just like:
Don't forget that just changing the html code has nothing to do with properly securing your application --- you've got to make sure in the view code that an attacker can't bypass the html and try to submit new contents for those input variables. Validation of user input ***MUST*** always be done on the server-side and not JUST in the html code / javascript at the browser!! -- Glenn Tenney --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
