form.accepts(request.vars,session) will create three hidden fields: id,
_formname and _formkey -- if your jQuery post request doesn't send back
those hidden fields with matching values, the form will not accept. By
default, the _formname will be 'foo/[record id]', though you can override
that by specifying form.accepts(...,formname='yourform'). The _formkey field
is a one-time token and is only created if you pass session to form.accepts
(to prevent CSRF attacks and double submission). If you don't want to use
_formkey, then call form.accepts without session. Otherwise, you'll need to
pass the _formkey value to the view and have the jQuery post send it back.
Without session (and the formkey), something like this in the view:
var new_data = {id: '[record id to be updated]', name: 'new foo name',
_formname: 'fooform'};
Alternatively, instead of form.accepts, you could do
db.foo.validate_and_update(id=record.id,name=request.vars.name).
See http://web2py.com/book/default/chapter/07#Hidden-fields
and http://web2py.com/book/default/chapter/07#SQLFORM-and-insert/update/delete.
Anthony
On Friday, September 9, 2011 1:01:13 PM UTC-4, GD wrote:
Hi,
given this model:
db.define_table('foo',
Field('name'))
a jquery function in the view:
var new_data = {name: 'new foo name'};
$.post(
url,
new_data,
function(result){
// some kind of action upon success
},
'json'
);
let's say that url is already built in order to take the record id as
an argument,
so the controller has the following behavior:
def update():
record = db.foo(request.args(0)) # this works
form = SQLFORM(db.foo, record) # this works
if form.accepts(request.vars, session): # this is never hit
return dict(message='record updated')
else:
return dict(message='data did not validate') # this is always
hit
so the questions are
why it doesn't validate?
If it is not because any mistake on my side: is this an intended
behavior?
If it is intended: how is it possible to validate data passed
programmatically by a jquery function without human direct input?
Thanks
