>
> *Yes, because the html is already ready, and have other people involved in
> the project. So we're not using {{=form}}. ;)*
>
You can still take advantage of web2py's form processing without limiting
yourself to {{=form}}. Check out
http://web2py.com/books/default/chapter/29/7#Custom-forms (at least use
form.custom.end, which will include the hidden _formname and _formkey
fields, which are used in conjunction with the session to protect against
double submission and CSRF attacks). Also see
http://web2py.com/books/default/chapter/29/7#SQLFORM-in-HTML (with that
method, you'll still want to use form.custom.end for CSRF protection).
Note, using a web2py update form, you can also protect against race
conditions by setting detect_record_change=True -- see
http://web2py.com/books/default/chapter/29/7#Detect-record-change.
Anthony
