Okay. You seem to be rather confused about the Django approach to things, I'm afraid.

(a) You use raw SQL instead of Django's ORM mapper. That's okayish, but then you're on your own for building your queries and have to manually do validation and escaping and whatnot, which is, as you noticed, a pain in the behind.

(b) You chose to manually build and parse the form. That's okayish, but then you're on your own validating user input.

I strongly suggest you read up on Django models (https://docs.djangoproject.com/en/1.4/topics/db/models/) and Django forms (https://docs.djangoproject.com/en/1.4/topics/forms/), which will do most of what you want without you reimplementing everything from scratch. What you've shown looks more like some converted PHP code than a native Django application.