[web2py] Re: Form on every page?

2014-01-27 Thread Anthony
On Monday, January 27, 2014 3:21:25 PM UTC-5, Apple Mason wrote:
> Yeah, the search terms will be open to the public. But the search terms will be queried in the database using like() or contains() from the DAL. Will that be okay if those search terms are unsanitized?

Should be fine. Any

[web2py] Re: Form on every page?

2014-01-27 Thread Apple Mason
Yeah, the search terms will be open to the public. But the search terms will be queried in the database using like() or contains() from the DAL. Will that be okay if those search terms are unsanitized?

On Monday, January 27, 2014 2:34:45 PM UTC-5, Anthony wrote:
> Is this just a search form ma

[web2py] Re: Form on every page?

2014-01-27 Thread Anthony
Is this just a search form making GET requests open to the public? In that case, I don't think you need to worry about CSRF or input sanitizing.

Anthony

On Monday, January 27, 2014 2:16:04 PM UTC-5, Apple Mason wrote:
> If I manually create the raw html form and set the action attribute, how

[web2py] Re: Form on every page?

2014-01-27 Thread Apple Mason
If I manually create the raw html form and set the action attribute, how would I get csrf protection? SQLFORM would generate a token to handle this, but wouldn't I lack this protection if I write the html myself? Also, since there's no form.process().accepted, does this also mean I'm open to un

[web2py] Re: Form on every page?

2014-01-27 Thread Anthony
You can set the "action" attribute of the form to the URL of your searchbar() function (you might also change the method from post to get since the form is for search). How you create the form itself in the view depends on your needs. Do you just need a single text search field? What does the s

[web2py] Re: Form on every page?

2014-01-27 Thread Apple Mason
I found this thread that has a similar problem:
https://groups.google.com/forum/#!searchin/web2py/form$20in$20layout.html/web2py/JRxUYp_YpHk/4uVM7kg9Ja4J

The example was:

    def contact(): form=SQLFORM.factory() if form.accepts() return form # not dict(form=form)

and in

[web2py] Re: Form on every page?

2014-01-26 Thread Apple Mason
Oh, it's probably because the url is /index.html and not /searchform.html. In that case, how would I create a search form that is present globally in the site?

On Monday, January 27, 2014 12:04:43 AM UTC-5, Apple Mason wrote:
> My controller default.py:
>
> def searchbar:
> form = SQLFORM(

[web2py] Re: Form on every page?

2014-01-26 Thread Apple Mason
My controller default.py:

    def searchbar():
        form = SQLFORM()
        return dict(form=form)

On Monday, January 27, 2014 12:03:37 AM UTC-5, Apple Mason wrote:
> I have a search bar that I want to display on every page, but something is not working. Here is an example of what I have:
>
> layo