> > *Yes, because the html is already ready, and have other people involved in > the project. So we're not using {{=form}}. ;)* >
You can still take advantage of web2py's form processing without limiting yourself to {{=form}}. Check out http://web2py.com/books/default/chapter/29/7#Custom-forms (at least use form.custom.end, which will include the hidden _formname and _formkey fields, which are used in conjunction with the session to protect against double submission and CSRF attacks). Also see http://web2py.com/books/default/chapter/29/7#SQLFORM-in-HTML (with that method, you'll still want to use form.custom.end for CSRF protection). Note, using a web2py update form, you can also protect against race conditions by setting detect_record_change=True -- see http://web2py.com/books/default/chapter/29/7#Detect-record-change. Anthony