Thanks Anthony, it works ! Yes i know, i will use the same security which was used before (was in PHP) but i know how to use this in python now.
Thx again :) Le mercredi 16 décembre 2015 16:19:25 UTC+1, Anthony a écrit : > > Always use Python to build your paths: > > import os > filepath = os.path.join(request.folder, 'view', 'pictures', filename) > > Again, don't just use the filename provided by the user, as that is a > security vulnerability. > > Anthony > > On Wednesday, December 16, 2015 at 10:13:10 AM UTC-5, Adrien wrote: >> >> For the path, i just don't write my path but it works only when i used >> the all path (from C:/ to my folder pictures like >> "C:/Adrien/web2py/applications/myApp/view/pictures/", don't know how to >> write only "pictures/"). So if i can resolve this and find how to change >> the filename, it's good and my problem will be fix. >> >> For SQLFORM.factory : i already have a form divided in many html table >> with an anchor for each table, and i don't know how to do the same thing >> with the factory. >> >> Someone know how to fix the problem with the path and the filename ? >> >> Thx guys ! >> >> Le mercredi 16 décembre 2015 15:55:26 UTC+1, Anthony a écrit : >>> >>> On Wednesday, December 16, 2015 at 4:53:41 AM UTC-5, xmarx wrote: >>>> >>>> in controller: >>>> >>>> def index(): >>>> import os >>>> form=SQLFORM.factory(Field('name'),Field('file', >>>> 'upload',uploadfolder=os.path.join(request.folder,'uploads'))) >>>> if form.process().accepted: >>>> request.flash='file uploaded!' >>>> return dict(form=form) >>>> >>>> >>> The only problem with using SQLFORM.factory to handle file uploads is >>> that it will use the DAL upload mechanism to rename the file (including a >>> random UUID segment). Because there is no database table storing the new >>> filename, it will now be difficult to retrieve the file, as you will not >>> know the filename (you would have to scan the whole directory and decode >>> all of the base-16-encoded parts of the filenames to retrieve the original >>> filenames). >>> >>> Anthony >>> >> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.