yes, that helps much.
but in my dynamic field searching issue, exact field name used by
filter method. even dictionary of fields not help there.
tables = {"Author": Author, "Book": Book,}
fields = {"Author":Author().first_name, "Book":Book().title}
if requst.GET['table'] in tables:
f = fields[requst.GET['field']]
matches = tables[requst.GET['table']].objects.filter
(f__icontains=requst.GET['query'])
thanks, Mehdi.
On Jan 24, 9:53 pm, Doug Blank <doug.bl...@gmail.com> wrote:
> On Sun, Jan 24, 2010 at 1:05 PM, mehdi0016 <mese1...@gmail.com> wrote:
> > hi
> > i'm new with python and django and i work on search page of my site.
> > in my html search form, user can choose table(or field) which want to
> > search. in server-side i use sequences of 'if' to find chosen table(or
> > field) and related django model.
> > ...
> > #here i assume searched fields have the same name('title')
> > q = requst.GET['query']
> > tbl = requst.GET['table']
> > if tbl == 'Book':
> > result = Book.objects.filter(title__icontains=q)
> > if tbl == 'Author':
> > result = Author.objects.filter(title__icontains=q)
> > ...
> > now is there any way to reduce or eliminate 'if' sequences?
> > i test this and it works:
> > ...
> > tbl = eval(requst.GET['table'])
> > ...
> > but i'm not sure that is best way?
>
> Not only is that not the best way, but may well be the worst. Consider:
>
> >>> print requst.GET['table']
>
> "select os; os.system('rm -rf /')"
>
> You should never eval() data from a user.
>
> What is surely better might be something like:
>
> tables = {"Author": Author,
> "Book": Book,}
>
> if requst.GET['table'] in tables:
> matches =
> tables[requst.GET['table']].objects.filter(title__icontains=requst.GET['query'])
>
> You can make this more sophisticated and even allow them to select the
> field, or just search them all.
>
> Hope that helps!
>
> -Doug
>
> > thanks
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to django-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > django-users+unsubscr...@googlegroups.com<django-users%2bunsubscr...@googlegroups.com>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/django-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
