yes, that helps much. but in my dynamic field searching issue, exact field name used by filter method. even dictionary of fields not help there.
tables = {"Author": Author, "Book": Book,} fields = {"Author":Author().first_name, "Book":Book().title} if requst.GET['table'] in tables: f = fields[requst.GET['field']] matches = tables[requst.GET['table']].objects.filter (f__icontains=requst.GET['query']) thanks, Mehdi. On Jan 24, 9:53 pm, Doug Blank <doug.bl...@gmail.com> wrote: > On Sun, Jan 24, 2010 at 1:05 PM, mehdi0016 <mese1...@gmail.com> wrote: > > hi > > i'm new with python and django and i work on search page of my site. > > in my html search form, user can choose table(or field) which want to > > search. in server-side i use sequences of 'if' to find chosen table(or > > field) and related django model. > > ... > > #here i assume searched fields have the same name('title') > > q = requst.GET['query'] > > tbl = requst.GET['table'] > > if tbl == 'Book': > > result = Book.objects.filter(title__icontains=q) > > if tbl == 'Author': > > result = Author.objects.filter(title__icontains=q) > > ... > > now is there any way to reduce or eliminate 'if' sequences? > > i test this and it works: > > ... > > tbl = eval(requst.GET['table']) > > ... > > but i'm not sure that is best way? > > Not only is that not the best way, but may well be the worst. Consider: > > >>> print requst.GET['table'] > > "select os; os.system('rm -rf /')" > > You should never eval() data from a user. > > What is surely better might be something like: > > tables = {"Author": Author, > "Book": Book,} > > if requst.GET['table'] in tables: > matches = > tables[requst.GET['table']].objects.filter(title__icontains=requst.GET['query']) > > You can make this more sophisticated and even allow them to select the > field, or just search them all. > > Hope that helps! > > -Doug > > > thanks > > > -- > > You received this message because you are subscribed to the Google Groups > > "Django users" group. > > To post to this group, send email to django-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > django-users+unsubscr...@googlegroups.com<django-users%2bunsubscr...@googlegroups.com> > > . > > For more options, visit this group at > >http://groups.google.com/group/django-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.