clean data uniqueness question

2009-05-22 Thread Bobby Roberts
Hi gang, I have a subclass on my form as follows:

    class NewUrl(forms.Field):
        def clean(self, value):
            rs = WebPage.objects.filter(url_slug=value)
            thislength = str(len(value))
            if rs.count() != 0:
                raise forms.ValidationError('This URL is already in use.')

Re: clean data

2009-03-23 Thread Malcolm Tredinnick
On Mon, 2009-03-23 at 12:31 -0700, Bobby Roberts wrote:
[...]
> I thought I read that there was a way to chk data for sql query
> injections / cross site scripting etc before insertion

The whole thing about SQL injections is that there is no way to 100% reliably "check for them". So you don't

Re: clean data

2009-03-23 Thread Briel
I'm not sure how Django has built its SQL injection protection, but I would guess that when you e.g. do model.save() or form.save(), the functions actually making the SQL to the db make sure that there are no injections by making placeholders for data etc. XSS is something I do know how work,

Re: clean data

2009-03-23 Thread Bobby Roberts
> Cleaning data is not in place as a security measure, but rather to
> help you validate the data. That means that you can check the data
> and find out if it fills your requirements. If you have a text field
> and want users to type in a serial number, you probably need some
> custom validation

Re: clean data

2009-03-23 Thread Briel
Hi, I'll try to help answer your 3 Qs.

> 1.  what does cleaning actually do... prevent sql query injections?
> Anything else?

Cleaning data is not in place as a security measure, but rather to help you validate the data. That means that you can check the data and find out if it fills your requireme

clean data

2009-03-23 Thread Bobby Roberts
Hi all. I'm needing to learn how to tap into the clean data for forms. I'm looking at http://docs.djangoproject.com/en/dev/ref/forms/validation/ trying to figure things out. By my understanding, raw data needs to be cleaned before insertion into the database. I have a few que