Currently, in my application, I am passing navigational links in the header, such as /app/controller/view/1/2/3, where 1/2/3 are things the controller and view use to set the correct page.

In my application, I am finding two problems with this. First is security. Although I have written validation on my controllers (I hope), I just worry that with more users some malicious person will find a way to get access they shouldn't. Second, and more urgent, my application broke when I tried to write my first ajax function, I assume because the navigational variables are competing with the ajax variables somehow. I say this because when I make the controller empty and just return a dict, everything works as normal. However, when I have the controller look for variables in request.vars and I then try to call an ajax function, it breaks hideously.

I don't claim to be a great programmer, so it could definitely be a convention I am not following. Has anyone had this problem before? How did you solve it? Should I pass my request.vars into the session and then have the view call them? I read in the book that I can do ajax trapping and I haven't tried that yet, but I didn't think it would be necessary since I could make it work without it. I will try it, but regardless I would love to get some feedback.

For clarity, my code causing problems is below:

    def my_func():
        if request.args:
            # First, I check to see if there is a record; if there is, I get some information.
            check = db(db.mydb.id == request.args(0)).select().first()
            if check is not None:
                records = db(db.mydb.id == request.args(0)).select()
                row = records.first()
                counter = len(records)
            # if it isn't, I make it with a function
            else:
                row = db(db.mydb.id == request.args(0)).select().first()
                my_id = row.id
                (filename, stream) = db.mydb.myfield.retrieve(row.resourcefield)
                myfunc(my_id, filename, stream)
                records = db(db.mydb.id == request.args(0)).select()
                counter = len(records)
        # if there is no specific document request, generate a list of available files
        else:
            redirect(URL('mycontroller', 'this_function'))
        return dict(counter=counter, records=records, row=row)

    def myajaxfunc():
        form = SQLFORM(db.mydb2, _action=URL('myajaxfunc'))
        # the form has to be processed before form.errors is populated
        form.accepts(request.vars, session)
        if form.errors:
            session.flash = "Error: " + str(form.errors)
        return XML(form)

my view:

    {{for i in range(1, 5):}}
    <div id="my_div_{{=i}}" onclick="ajax('{{=URL('myajaxfunc')}}', [], 'mytarget_{{=i}}')">Click me to add a note</div>
    <div id="mytarget_{{=i}}"></div>
    {{pass}}
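On the security half of the question, the usual defence is to validate every positional argument before it touches a query and to check that the record belongs to the current user, so guessing /view/2 yields the same 404 as a missing record. The block below is an added illustration, not the poster's code: the MYDB dict and the user ids are constructed stand-ins for the web2py DAL and auth (in a real controller the lookup would be db.mydb(record_id) and the owner would be compared with auth.user_id, and the cast mirrors request.args(0, cast=int)).

```python
# Added example: validating /app/controller/view/1/2/3 style path args.
# MYDB and the owner ids are constructed sample data, not a real table.
MYDB = {
    1: {"id": 1, "owner": 10, "resourcefield": "a.pdf"},
    2: {"id": 2, "owner": 11, "resourcefield": "b.pdf"},
}


class NotFound(Exception):
    """Raised instead of letting a bad id reach a query (map this to 404)."""


def parse_args(args, expected):
    """Cast each positional arg to a non-negative int, rejecting anything else.

    This is what request.args(i, cast=int, otherwise=...) does in web2py:
    a missing, empty or non-numeric arg never becomes a query value.
    """
    if len(args) != expected:
        raise NotFound("expected %d args, got %d" % (expected, len(args)))
    out = []
    for a in args:
        if not a.isdigit():          # rejects '', '-1', 'abc', '1.5'
            raise NotFound("bad arg %r" % a)
        out.append(int(a))
    return out


def load_owned_record(args, user_id):
    """Return the record named by args[0] only if it belongs to user_id.

    Existence and ownership are both checked server side; the caller
    gets one NotFound for either case, so ids cannot be enumerated by
    telling the two responses apart.
    """
    (record_id,) = parse_args(args, 1)
    row = MYDB.get(record_id)
    if row is None or row["owner"] != user_id:
        raise NotFound("no record %d for user %d" % (record_id, user_id))
    return row


def view_args_ok(args):
    """True when a three-part /view/a/b/c path carries three valid ints."""
    try:
        parse_args(args, 3)
        return True
    except NotFound:
        return False
```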