On Sun, Jan 24, 2010 at 1:05 PM, mehdi0016 <mese1...@gmail.com> wrote:

> Hi,
> I'm new to Python and Django and I'm working on the search page of my site.
> In my HTML search form, the user can choose the table (or field) they want
> to search. On the server side I use a sequence of 'if's to find the chosen
> table (or field) and the related Django model.
> ...
> #here i assume searched fields have the same name('title')
> q = requst.GET['query']
> tbl = requst.GET['table']
> if tbl == 'Book':
>    result = Book.objects.filter(title__icontains=q)
> if tbl == 'Author':
>    result = Author.objects.filter(title__icontains=q)
> ...
> Now, is there any way to reduce or eliminate the 'if' sequences?
> I tested this and it works:
> ...
> tbl = eval(requst.GET['table'])
> ...
> But I'm not sure that is the best way?
>

Not only is that not the best way, but it may well be the worst. Consider:

>>> print requst.GET['table']
"select os; os.system('rm -rf /')"

You should never eval() data from a user.

What is surely better might be something like:

tables = {"Author": Author,
          "Book": Book}

if requst.GET['table'] in tables:
    matches = tables[requst.GET['table']].objects.filter(
        title__icontains=requst.GET['query'])

You can make this more sophisticated and even allow them to select the
field, or just search them all.

Hope that helps!

-Doug



> thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
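
Added example, not part of the original thread: the dictionary lookup suggested above, extended to let the client pick the field or search every table without eval(). It is written for Python 3; the Book and Author classes are stand-ins for the thread's models, and REGISTRY, build_search, SearchError, the 'isbn' field, the 'field' parameter and the 'all' table value are hypothetical names chosen for illustration.

```python
# Stand-ins for the thread's Django models so the example runs without Django.
class Book: pass
class Author: pass

# Allowlist: request value -> (model, searchable fields).
# 'isbn' is an assumed extra field; the thread only mentions 'title'.
REGISTRY = {
    "Book": (Book, {"title", "isbn"}),
    "Author": (Author, {"title"}),
}

class SearchError(ValueError):
    """The request named a table or field outside the allowlist."""

def build_search(params, registry=REGISTRY, default_field="title"):
    """Turn untrusted GET parameters into [(model, filter_kwargs), ...].

    The field is allowlisted as well as the table, because it becomes a
    keyword-argument name in filter() and must not be client-controlled.
    """
    query = params.get("query", "").strip()
    if not query:
        return []                      # nothing to search for
    table = params.get("table", "")
    field = params.get("field", default_field)
    if table == "all":                 # assumed value meaning "search them all"
        names = sorted(registry)
    elif table in registry:
        names = [table]
    else:
        raise SearchError("unknown table")
    plan = []
    for name in names:
        model, fields = registry[name]
        if field in fields:
            plan.append((model, {field + "__icontains": query}))
        elif table != "all":
            raise SearchError("unknown field")
    return plan

# In a view (Django required):
#   for model, kwargs in build_search(request.GET):
#       results.extend(model.objects.filter(**kwargs))
```

The view should catch SearchError and answer with a 400 response rather than echoing the rejected value back to the client.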
