Cool. I'll to some work on this and check back to make sure it's not insecure.
On Nov 12, 7:27 am, Masklinn <maskl...@masklinn.net> wrote: > On 2010-11-12, at 13:20 , Ed wrote: > > > > > It seems simple from a SQL point of view, but I'm wondering what the > > best implementation would be from to go from a django form to MySQL. > > The above is an example. In practice, I would want to dynamically > > populate the filter criteria/fields. Any suggestions on a starting > > point? > > Create a strict translator (remember that your users can and will try to > bypass/exploit whatever you give them, including selects) from whatever your > form returns to a dict, which will be sent to .filter as a **kwargs? -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
