On Sun, Jan 24, 2010 at 1:05 PM, mehdi0016 <mese1...@gmail.com> wrote:
> hi > i'm new with python and django and i work on search page of my site. > in my html search form, user can choose table(or field) which want to > search. in server-side i use sequences of 'if' to find chosen table(or > field) and related django model. > ... > #here i assume searched fields have the same name('title') > q = requst.GET['query'] > tbl = requst.GET['table'] > if tbl == 'Book': > result = Book.objects.filter(title__icontains=q) > if tbl == 'Author': > result = Author.objects.filter(title__icontains=q) > ... > now is there any way to reduce or eliminate 'if' sequences? > i test this and it works: > ... > tbl = eval(requst.GET['table']) > ... > but i'm not sure that is best way? > Not only is that not the best way, but may well be the worst. Consider: >>> print requst.GET['table'] "select os; os.system('rm -rf /')" You should never eval() data from a user. What is surely better might be something like: tables = {"Author": Author, "Book": Book,} if requst.GET['table'] in tables: matches = tables[requst.GET['table']].objects.filter(title__icontains=requst.GET['query']) You can make this more sophisticated and even allow them to select the field, or just search them all. Hope that helps! -Doug > thanks > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-us...@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com<django-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.